Windows Analysis Report
LbgqLv7gT7.exe

Overview

General Information

Sample name: LbgqLv7gT7.exe (renamed because original name is a hash value)
Original sample name: 8a87cb3c119b985e2e61a8cf06cd0818.exe
Analysis ID: 1576053
MD5: 8a87cb3c119b985e2e61a8cf06cd0818
SHA1: e6124f9f0f77e0a6b27967a14fdf0fd78da2b250
SHA256: 894c5da5da98ac10385ee094d14998a19d6366b90be0406640212175e2bfdc6f
Tags: exe, user-abuse_ch

Detection

Credential Flusher
Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected Credential Flusher
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Connects to many different domains
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes

Classification

  • System is w10x64
  • LbgqLv7gT7.exe (PID: 7436 cmdline: "C:\Users\user\Desktop\LbgqLv7gT7.exe" MD5: 8A87CB3C119B985E2E61A8CF06CD0818)
    • taskkill.exe (PID: 7452 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7460 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 7548 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7556 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 7612 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7620 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 7676 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7684 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 7740 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7748 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • firefox.exe (PID: 7804 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 7836 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 7852 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 8100 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2280 -parentBuildID 20230927232528 -prefsHandle 2224 -prefMapHandle 2192 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {74185290-4fc5-4d55-9d98-e682e25cf34a} 7852 "\\.\pipe\gecko-crash-server-pipe.7852" 1a34156f110 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7556 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4308 -parentBuildID 20230927232528 -prefsHandle 4300 -prefMapHandle 3764 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a30efe01-9b8b-4e34-b5f5-97a640320bd0} 7852 "\\.\pipe\gecko-crash-server-pipe.7852" 1a353839b10 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 2816 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5196 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 3040 -prefMapHandle 5296 -prefsLen 33185 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f302752-23bb-4329-89a4-e95a38980bcb} 7852 "\\.\pipe\gecko-crash-server-pipe.7852" 1a352bfa110 utility MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Yara detection:
Source: Process Memory Space: LbgqLv7gT7.exe PID: 7436
Rule: JoeSecurity_CredentialFlusher
Description: Yara detected Credential Flusher
Author: Joe Security
    No Sigma rule has matched
    No Suricata rule has matched

    AV Detection

    Source: LbgqLv7gT7.exe, Avira: detected
    Source: LbgqLv7gT7.exe, ReversingLabs: Detection: 39%
    Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.6% probability
    Source: LbgqLv7gT7.exe, Joe Sandbox ML: detected
    Source: LbgqLv7gT7.exe, Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: Binary string: webauthn.pdb source: firefox.exe, 0000000D.00000003.1796606367.000001A35D703000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.13.dr
    Source: Binary string: pnrpnsp.pdb source: firefox.exe, 0000000D.00000003.1857705853.000001A35D703000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.13.dr
    Source: Binary string: webauthn.pdbGCTL source: firefox.exe, 0000000D.00000003.1796606367.000001A35D703000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: pnrpnsp.pdbUGP source: firefox.exe, 0000000D.00000003.1857705853.000001A35D703000.00000004.00000020.00020000.00000000.sdmp
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe, Code function: 0_2_000EDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_000EDBBE
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe, Code function: 0_2_000F68EE FindFirstFileW,FindClose,0_2_000F68EE
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe, Code function: 0_2_000F698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_000F698F
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe, Code function: 0_2_000ED076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_000ED076
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe, Code function: 0_2_000ED3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_000ED3A9
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe, Code function: 0_2_000F9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_000F9642
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe, Code function: 0_2_000F979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_000F979D
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe, Code function: 0_2_000F9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_000F9B2B
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe, Code function: 0_2_000F5C97 FindFirstFileW,FindNextFileW,FindClose,0_2_000F5C97
    Source: firefox.exe, Memory has grown: Private usage: 1MB later: 226MB
    Source: unknown, Network traffic detected: DNS query count 31
    Source: Joe Sandbox View, IP Address: 34.149.100.209
    Source: Joe Sandbox View, IP Address: 151.101.65.91
    Source: Joe Sandbox View, IP Address: 34.117.188.166
    Source: Joe Sandbox View, JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
    Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe, Code function: 0_2_000FCE44 InternetReadFile,SetEvent,GetLastError,SetEvent,0_2_000FCE44
    Source: global traffic, HTTP traffic detected:
        GET /canonical.html HTTP/1.1
        Host: detectportal.firefox.com
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
        Accept: */*
        Accept-Language: en-US,en;q=0.5
        Accept-Encoding: gzip, deflate
        Cache-Control: no-cache
        Pragma: no-cache
        Connection: keep-alive
    Source: global traffic, HTTP traffic detected:
        GET /success.txt?ipv4 HTTP/1.1
        Host: detectportal.firefox.com
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
        Accept: */*
        Accept-Language: en-US,en;q=0.5
        Accept-Encoding: gzip, deflate
        Connection: keep-alive
        Pragma: no-cache
        Cache-Control: no-cache
    Source: firefox.exe, 0000000D.00000003.1914727355.000001A3597EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.firefox.comK
    Source: firefox.exe, 0000000D.00000003.1763942083.000001A3531F5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1884519003.000001A352782000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd
    Source: firefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/
    Source: firefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/
    Source: firefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/language-tools/
    Source: firefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search-engines/
    Source: firefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
    Source: firefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/themes
    Source: firefox.exe, 0000000D.00000003.1911770347.000001A35CE5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/enhancer-for-youtube/
    Source: firefox.exe, 0000000D.00000003.1911770347.000001A35CE5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/facebook-container/
    Source: firefox.exe, 0000000D.00000003.1911770347.000001A35CE5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/reddit-enhancement-suite/
    Source: firefox.exe, 0000000D.00000003.1911770347.000001A35CE5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/to-google-translate/
    Source: firefox.exe, 0000000D.00000003.1911770347.000001A35CE5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/wikipedia-context-menu-search/
    Source: firefox.exe, 0000000D.00000003.1763258049.000001A359A29000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://allegro.pl/
    Source: firefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://api.accounts.firefox.com/v1
    Source: firefox.exe, 0000000D.00000003.1911770347.000001A35CE5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
    Source: firefox.exe, 0000000D.00000003.1911770347.000001A35CE5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://app.adjust.com/a8bxj8j?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
    Source: firefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://apps.apple.com/app/firefox-private-safe-browser/id989804926
    Source: firefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://apps.apple.com/us/app/firefox-private-network-vpn/id1489407738
    Source: firefox.exe, 0000000D.00000003.1914417163.000001A3598F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org
    Source: firefox.exe, 0000000D.00000003.1914417163.000001A3598F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/
    Source: firefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VER
    Source: firefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
    Source: firefox.exe, 0000000D.00000003.1763834588.000001A3598F1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1914417163.000001A3598F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release
    Source: firefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/
    Source: firefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
    Source: firefox.exe, 0000000F.00000002.3544377521.0000015D6EEE6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3543879560.00000266B53EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3547415061.000002114E903000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drString found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
    Source: firefox.exe, 0000000F.00000002.3544377521.0000015D6EEE6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3543879560.00000266B53EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3547415061.000002114E903000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drString found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
    Source: firefox.exe, 0000000D.00000003.1789305969.000001A353A2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1789965309.000001A353A2F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1189266
    Source: firefox.exe, 0000000D.00000003.1789305969.000001A353A2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1789965309.000001A353A2F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1193802
    Source: firefox.exe, 0000000D.00000003.1789305969.000001A353A2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1789965309.000001A353A2F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1207993
    Source: firefox.exe, 0000000D.00000003.1789305969.000001A353A2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1789965309.000001A353A2F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1266220
    Source: firefox.exe, 0000000D.00000003.1789305969.000001A353A2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1789965309.000001A353A2F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1283601
    Source: firefox.exe, 0000000D.00000003.1915590623.000001A3596E7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1539075
    Source: firefox.exe, 0000000D.00000003.1915590623.000001A3596E7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1584464
    Source: firefox.exe, 0000000D.00000003.1915590623.000001A3596E7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1607439
    Source: firefox.exe, 0000000D.00000003.1915590623.000001A3596E7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1616739
    Source: firefox.exe, 0000000D.00000003.1789305969.000001A353A2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1789965309.000001A353A2F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1678448
    Source: firefox.exe, 0000000D.00000003.1789305969.000001A353A2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1789965309.000001A353A2F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=792480
    Source: firefox.exe, 0000000D.00000003.1789305969.000001A353A2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1789965309.000001A353A2F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=809550
    Source: firefox.exe, 0000000D.00000003.1789305969.000001A353A2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1789965309.000001A353A2F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=840161
    Source: firefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
    Source: firefox.exe, 0000000D.00000003.1912952012.000001A359D66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://completion.amazon.com/search/complete?q=
    Source: firefox.exe, 0000000D.00000003.1914417163.000001A3598F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-202
    Source: firefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://content.cdn.mozilla.net
    Source: firefox.exe, 0000000F.00000002.3544377521.0000015D6EEE6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3543879560.00000266B53EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3547415061.000002114E903000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drString found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
    Source: firefox.exe, 0000000F.00000002.3544377521.0000015D6EEE6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3543879560.00000266B53EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3547415061.000002114E903000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
    Source: firefox.exe, 0000000D.00000003.1915590623.000001A3596D6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com
    Source: firefox.exe, 0000000D.00000003.1764385528.000001A3525C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1764325630.000001A35311B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/v1/tiles
    Source: firefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://coverage.mozilla.org
    Source: firefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://crash-stats.mozilla.org/report/index/
    Source: firefox.exe, 0000000D.00000003.1788073101.000001A359949000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1869386055.000001A359949000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1906692278.000001A359956000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/993268
    Source: firefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://dap-02.api.divviup.org
    Source: firefox.exe, 0000000D.00000003.1790422378.000001A353A2E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://datastudio.google.com/embed/reporting/
    Source: firefox.exe, 0000000D.00000003.1788073101.000001A359949000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1869386055.000001A359949000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1906692278.000001A359956000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/ElementCSSInlineStyle/style#setting_styles)
    Source: firefox.exe, 0000000D.00000003.1788073101.000001A359949000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1869386055.000001A359949000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1906692278.000001A359956000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/for-await...of
    Source: firefox.exe, 0000000D.00000003.1788073101.000001A359949000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1869386055.000001A359949000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1906692278.000001A359956000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecycl
    Source: firefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
    Source: firefox.exe, 0000000D.00000003.1846838801.000001A35D674000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com
    Source: firefox.exe, 0000000D.00000003.1727267580.000001A351000000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1727652877.000001A35123E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1776775748.000001A3525C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1727499736.000001A351220000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1728112439.000001A35127B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1727861075.000001A35125D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1873850044.000001A352F69000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1764385528.000001A3525C7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/
    Source: firefox.exe, 0000000D.00000003.1763224011.000001A359B06000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/y
    Source: firefox.exe, 0000000D.00000003.1729967441.000001A34EA23000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1922864570.000001A34EA34000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1899651989.000001A34EA39000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1730425346.000001A34EA33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1924089814.000001A34EA39000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1729618598.000001A34EA33000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
    Source: firefox.exe, 0000000D.00000003.1729967441.000001A34EA23000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1922864570.000001A34EA34000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1899651989.000001A34EA39000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1730425346.000001A34EA33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1924089814.000001A34EA39000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1729618598.000001A34EA33000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
    Source: firefox.exe, 0000000D.00000003.1845889727.000001A35DCFE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1912952012.000001A359D66000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1916537777.000001A354EE3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3543879560.00000266B5312000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3544137732.000002114E713000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
    Source: firefox.exe, 0000000D.00000003.1766526217.000001A359BA4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1768619110.000001A359BA2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
    Source: firefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
    Source: firefox.exe, 0000000D.00000003.1910132835.000001A35D1B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/
    Source: firefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
    Source: firefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
    Source: firefox.exe, 0000000D.00000003.1845889727.000001A35DCFE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1912952012.000001A359D66000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1916537777.000001A354EE3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3543879560.00000266B5312000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3544137732.000002114E713000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/
    Source: firefox.exe, 00000011.00000002.3544137732.000002114E7C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
    Source: firefox.exe, 00000011.00000002.3544137732.000002114E7C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
    Source: firefox.exe, 0000000D.00000003.1916537777.000001A354EE3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3543879560.00000266B532F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3544137732.000002114E730000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
    Source: firefox.exe, 0000000D.00000003.1847355920.000001A35D5D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=40249-e88c401e1b1f2242d9e4
    Source: firefox.exe, 0000000D.00000003.1905690719.000001A35D497000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtab
    Source: firefox.exe, 0000000D.00000003.1905690719.000001A35D497000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtab
    Source: firefox.exe, 0000000D.00000003.1905690719.000001A35D497000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtab
    Source: firefox.exe, 0000000D.00000003.1905690719.000001A35D497000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtab
    Source: firefox.exe, 0000000D.00000003.1905690719.000001A35D497000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtab
    Source: firefox.exe, 00000011.00000002.3544137732.000002114E7C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
    Source: firefox.exe, 0000000D.00000003.1916537777.000001A354EE3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tabL
    Source: firefox.exe, 0000000D.00000003.1905690719.000001A35D497000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtab
    Source: firefox.exe, 0000000D.00000003.1847355920.000001A35D5D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more
    Source: firefox.exe, 00000011.00000002.3544137732.000002114E7C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendations
    Source: firefox.exe, 0000000D.00000003.1916537777.000001A354EE3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendationsS
    Source: firefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/search-engine-removal
    Source: firefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
    Source: firefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
    Source: firefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
    Source: firefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
    Source: firefox.exe, 0000000D.00000003.1911572060.000001A35CEEE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/
    Source: firefox.exe, 0000000D.00000003.1919579022.000001A352DF3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/firefox-relay-integration
    Source: firefox.exe, 0000000D.00000003.1902326623.000001A35D67F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1846838801.000001A35D67F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/captive-portal
    Source: firefox.exe, 0000000D.00000003.1910413330.000001A35D17A000.00000004.00000800.00020000.00000000.sdmp, places.sqlite-wal.13.drString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
    Source: firefox.exe, 0000000D.00000003.1893264155.000001A3540D3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1867504640.000001A3540D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings
    Source: places.sqlite-wal.13.drString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.
    Source: firefox.exe, 0000000D.00000003.1910413330.000001A35D17A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
    Source: firefox.exe, 0000000D.00000003.1788073101.000001A359949000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1869386055.000001A359949000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1906692278.000001A359956000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tc39.github.io/ecma262/#sec-typeof-operator
    Source: firefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
    Source: firefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://topsites.services.mozilla.com/cid/
    Source: firefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
    Source: firefox.exe, 0000000D.00000003.1846510720.000001A35DC9D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
    Source: firefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
    Source: firefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
    Source: firefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
    Source: firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
    Source: firefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://webcompat.com/issues/new
    Source: firefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
    Source: firefox.exe, 0000000D.00000003.1763258049.000001A359A29000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://weibo.com/
    Source: firefox.exe, 0000000D.00000003.1788073101.000001A359949000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1869386055.000001A359949000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1906692278.000001A359956000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://wicg.github.io/construct-stylesheets/#using-constructed-stylesheets).
    Source: firefox.exe, 0000000D.00000003.1846510720.000001A35DC9D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/
    Source: firefox.exe, 0000000F.00000002.3544377521.0000015D6EEE6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3543879560.00000266B53EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3547415061.000002114E903000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
    Source: firefox.exe, 0000000D.00000003.1914417163.000001A3598F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
    Source: firefox.exe, 0000000D.00000003.1914417163.000001A3598F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/exec/obidos/external-search/?field-keywords=&ie=UTF-8&mode=blended&tag=mozill
    Source: firefox.exe, 0000000D.00000003.1849893857.000001A350ECF000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1855423308.000001A350ECF000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1853926285.000001A350ECF000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1858994231.000001A350ECF000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1854812451.000001A350ECF000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1858002747.000001A350ECF000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1852112096.000001A350ECF000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.13.drString found in binary or memory: https://www.digicert.com/CPS0
    Source: firefox.exe, 0000000F.00000002.3544377521.0000015D6EEE6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3543879560.00000266B53EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3547415061.000002114E903000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drString found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
    Source: firefox.exe, 0000000D.00000003.1914727355.000001A3597C3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/
    Source: firefox.exe, 0000000D.00000003.1762244169.000001A3595C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search
    Source: firefox.exe, 0000000D.00000003.1727267580.000001A351000000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1727652877.000001A35123E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1727499736.000001A351220000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1728112439.000001A35127B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1727861075.000001A35125D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
    Source: firefox.exe, 0000000D.00000003.1727267580.000001A351000000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1764999442.000001A352551000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1727652877.000001A35123E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1727499736.000001A351220000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1728112439.000001A35127B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1727861075.000001A35125D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1873850044.000001A352F69000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
    Source: firefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
    Source: places.sqlite-wal.13.drString found in binary or memory: https://www.mozilla.org
    Source: firefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
    Source: firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
    Source: firefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
    Source: firefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
    Source: firefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
    Source: firefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
    Source: firefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
    Source: firefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
    Source: firefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
    Source: places.sqlite-wal.13.drString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.
    Source: firefox.exe, 0000000D.00000003.1910413330.000001A35D17A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
    Source: firefox.exe, 0000000D.00000003.1766526217.000001A359BA4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1768619110.000001A359BA2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/legal/terms/mozilla/
    Source: firefox.exe, 0000000D.00000003.1911770347.000001A35CE5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/anything/?
    Source: places.sqlite-wal.13.drString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.
    Source: firefox.exe, 0000000D.00000003.1910413330.000001A35D17A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
    Source: firefox.exe, 0000000D.00000003.1919579022.000001A352DF3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/about/legal/terms/subscription-services/
    Source: firefox.exe, 0000000D.00000003.1910132835.000001A35D1B0000.00000004.00000800.00020000.00000000.sdmp, targeting.snapshot.json.tmp.13.drString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
    Source: firefox.exe, 0000000D.00000003.1910413330.000001A35D17A000.00000004.00000800.00020000.00000000.sdmp, places.sqlite-wal.13.drString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
    Source: firefox.exe, 0000000D.00000003.1919579022.000001A352DF3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/subscription-services/
    Source: firefox.exe, 0000000D.00000003.1910413330.000001A35D17A000.00000004.00000800.00020000.00000000.sdmp, places.sqlite-wal.13.drString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
    Source: firefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
    Source: firefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
    Source: firefox.exe, 0000000D.00000003.1911770347.000001A35CE5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/mobile/get-app/?utm_medium=firefox-desktop&utm_source=onboarding-mod
    Source: firefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
    Source: firefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
    Source: firefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
    Source: firefox.exe, 0000000F.00000002.3544377521.0000015D6EEC9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3543879560.00000266B53C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3544137732.000002114E7F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
    Source: firefox.exe, 0000000D.00000003.1905690719.000001A35D497000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-content
    Source: firefox.exe, 0000000F.00000002.3544377521.0000015D6EEC9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/7
    Source: firefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
    Source: firefox.exe, 0000000D.00000003.1910413330.000001A35D17A000.00000004.00000800.00020000.00000000.sdmp, places.sqlite-wal.13.drString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
    Source: firefox.exe, 0000000D.00000003.1845889727.000001A35DCF7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/
    Source: firefox.exe, 0000000D.00000003.1846510720.000001A35DC9D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3543879560.00000266B5303000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3544137732.000002114E70C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
    Source: firefox.exe, 0000000D.00000003.1905190957.000001A35D5AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1903307391.000001A35D2BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1780008340.000001A3529AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1917576915.000001A3539C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://youtube.com
    Source: firefox.exe, 0000000D.00000003.1764004032.000001A353127000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/
    Source: recovery.jsonlz4.tmp.13.drString found in binary or memory: https://youtube.com/account?=
    Source: firefox.exe, 00000011.00000002.3542088588.000002114E3E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/sig
    Source: firefox.exe, 00000010.00000002.3542355362.00000266B5220000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/sigU
    Source: firefox.exe, 0000000D.00000003.1846838801.000001A35D67F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1849891467.000001A352778000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1800566864.000001A35DB51000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1917861120.000001A3533E4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1882367430.000001A35DB51000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3547221099.0000015D6EF54000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3543069339.0000015D6EC4A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3543069339.0000015D6EC40000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3542355362.00000266B5224000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3541603548.00000266B4FC0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3541603548.00000266B4FCA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3543535040.000002114E4BA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3542088588.000002114E3E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
    Source: firefox.exe, 00000011.00000002.3543535040.000002114E4B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd$
    Source: firefox.exe, 0000000B.00000002.1712278613.0000014E90717000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.1722499308.000001C198AE9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd--no-default-browser
    Source: firefox.exe, 00000011.00000002.3543535040.000002114E4BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd0
    Source: firefox.exe, 0000000D.00000003.1848638226.000001A350EA7000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1853250325.000001A350EA7000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1856072751.000001A350EA7000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1804403939.000001A350EA7000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1854341153.000001A350EA7000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3547221099.0000015D6EF54000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3543069339.0000015D6EC40000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3542355362.00000266B5224000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3541603548.00000266B4FC0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3543535040.000002114E4B0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3542088588.000002114E3E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdMOZ_CRASHREPORTER_RE
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeCode function: 0_2_000FEAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,0_2_000FEAFF
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeCode function: 0_2_000FED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,0_2_000FED6A
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeCode function: 0_2_000EAA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,0_2_000EAA57
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeCode function: 0_2_00119576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,0_2_00119576

    System Summary

    Source: LbgqLv7gT7.exeString found in binary or memory: This is a third-party compiled AutoIt script.
    Source: LbgqLv7gT7.exe, 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_b56cf92d-6
    Source: LbgqLv7gT7.exe, 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_5b386917-f
    Source: LbgqLv7gT7.exeString found in binary or memory: This is a third-party compiled AutoIt script.memstr_37850808-f
    Source: LbgqLv7gT7.exeString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_92d9119a-6
    Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 16_2_00000266B5974237 NtQuerySystemInformation,16_2_00000266B5974237
    Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 16_2_00000266B59993B2 NtQuerySystemInformation,16_2_00000266B59993B2
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeCode function: 0_2_000ED5EB: CreateFileW,DeviceIoControl,CloseHandle,0_2_000ED5EB
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeCode function: 0_2_000E1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_000E1201
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeCode function: 0_2_000EE8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,0_2_000EE8F6
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeCode function: String function: 000A0A30 appears 46 times
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeCode function: String function: 0009F9F2 appears 31 times
    Source: LbgqLv7gT7.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: classification engineClassification label: mal80.troj.evad.winEXE@34/41@70/12
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeCode function: 0_2_000F37B5 GetLastError,FormatMessageW,0_2_000F37B5
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeCode function: 0_2_000E10BF AdjustTokenPrivileges,CloseHandle,0_2_000E10BF
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeCode function: 0_2_000E16C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,0_2_000E16C3
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeCode function: 0_2_000F51CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,0_2_000F51CD
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeCode function: 0_2_000ED4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,0_2_000ED4DC
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeCode function: 0_2_000F648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize,0_2_000F648E
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeCode function: 0_2_000842A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,0_2_000842A2
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Local\Mozilla\Firefox\SkeletonUILock-c388d246
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7556:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7684:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7460:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7620:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7748:120:WilError_03
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Local\Temp\firefox
    Source: LbgqLv7gT7.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: LbgqLv7gT7.exeReversingLabs: Detection: 39%
    Source: unknownProcess created: C:\Users\user\Desktop\LbgqLv7gT7.exe "C:\Users\user\Desktop\LbgqLv7gT7.exe"
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
    Source: unknownProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2280 -parentBuildID 20230927232528 -prefsHandle 2224 -prefMapHandle 2192 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {74185290-4fc5-4d55-9d98-e682e25cf34a} 7852 "\\.\pipe\gecko-crash-server-pipe.7852" 1a34156f110 socket
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4308 -parentBuildID 20230927232528 -prefsHandle 4300 -prefMapHandle 3764 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a30efe01-9b8b-4e34-b5f5-97a640320bd0} 7852 "\\.\pipe\gecko-crash-server-pipe.7852" 1a353839b10 rdd
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5196 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 3040 -prefMapHandle 5296 -prefsLen 33185 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f302752-23bb-4329-89a4-e95a38980bcb} 7852 "\\.\pipe\gecko-crash-server-pipe.7852" 1a352bfa110 utility
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Section loaded: wsock32.dll
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Section loaded: version.dll
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Section loaded: winmm.dll
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Section loaded: mpr.dll
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Section loaded: wininet.dll
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Section loaded: iphlpapi.dll
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Section loaded: userenv.dll
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Section loaded: uxtheme.dll
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Section loaded: kernel.appcore.dll
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Section loaded: windows.storage.dll
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Section loaded: wldp.dll
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Section loaded: napinsp.dll
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Section loaded: pnrpnsp.dll
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Section loaded: wshbth.dll
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Section loaded: nlaapi.dll
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Section loaded: mswsock.dll
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Section loaded: dnsapi.dll
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Section loaded: winrnr.dll
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Section loaded: fwpuclnt.dll
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Section loaded: rasadhlp.dll
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Section loaded: sspicli.dll
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Section loaded: profapi.dll
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll
    Source: Window Recorder Window detected: More than 3 window changes detected
    Source: LbgqLv7gT7.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
    Source: LbgqLv7gT7.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
    Source: LbgqLv7gT7.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
    Source: LbgqLv7gT7.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: LbgqLv7gT7.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
    Source: LbgqLv7gT7.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
    Source: Binary string: webauthn.pdb source: firefox.exe, 0000000D.00000003.1796606367.000001A35D703000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.13.dr
    Source: Binary string: pnrpnsp.pdb source: firefox.exe, 0000000D.00000003.1857705853.000001A35D703000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.13.dr
    Source: Binary string: webauthn.pdbGCTL source: firefox.exe, 0000000D.00000003.1796606367.000001A35D703000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: pnrpnsp.pdbUGP source: firefox.exe, 0000000D.00000003.1857705853.000001A35D703000.00000004.00000020.00020000.00000000.sdmp
    Source: LbgqLv7gT7.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
    Source: LbgqLv7gT7.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
    Source: LbgqLv7gT7.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
    Source: LbgqLv7gT7.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
    Source: LbgqLv7gT7.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Code function: 0_2_000842DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_000842DE
    Source: gmpopenh264.dll.tmp.13.dr Static PE information: section name: .rodata
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Code function: 0_2_000A0A76 push ecx; ret 0_2_000A0A89
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Code function: 0_2_0009F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_0009F98E
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Code function: 0_2_00111C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_00111C41
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX

    Malware Analysis System Evasion

    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep graph_0-94720
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 16_2_00000266B5974237 rdtsc 16_2_00000266B5974237
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe API coverage: 3.9 %
    Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Code function: 0_2_000EDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_000EDBBE
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Code function: 0_2_000F68EE FindFirstFileW,FindClose,0_2_000F68EE
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Code function: 0_2_000F698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_000F698F
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Code function: 0_2_000ED076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_000ED076
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Code function: 0_2_000ED3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_000ED3A9
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Code function: 0_2_000F9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_000F9642
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Code function: 0_2_000F979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_000F979D
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Code function: 0_2_000F9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_000F9B2B
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Code function: 0_2_000F5C97 FindFirstFileW,FindNextFileW,FindClose,0_2_000F5C97
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Code function: 0_2_000842DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_000842DE
    Source: firefox.exe, 0000000F.00000002.3548740814.0000015D6F100000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlln
    Source: firefox.exe, 0000000F.00000002.3543069339.0000015D6EC4A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3541603548.00000266B4FCA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3547158109.000002114E800000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3543535040.000002114E4BA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
    Source: firefox.exe, 0000000F.00000002.3547711199.0000015D6F016000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
    Source: firefox.exe, 00000010.00000002.3547285599.00000266B5860000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW_
    Source: LbgqLv7gT7.exe, 00000000.00000003.1753699487.0000000000C14000.00000004.00000020.00020000.00000000.sdmp, LbgqLv7gT7.exe, 00000000.00000003.1753310807.0000000000BF1000.00000004.00000020.00020000.00000000.sdmp, LbgqLv7gT7.exe, 00000000.00000003.1753472855.0000000000C13000.00000004.00000020.00020000.00000000.sdmp, LbgqLv7gT7.exe, 00000000.00000003.1753210531.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWB
    Source: LbgqLv7gT7.exe, 00000000.00000003.1753310807.0000000000BF1000.00000004.00000020.00020000.00000000.sdmp, LbgqLv7gT7.exe, 00000000.00000003.1753472855.0000000000C13000.00000004.00000020.00020000.00000000.sdmp, LbgqLv7gT7.exe, 00000000.00000003.1753572620.0000000000C25000.00000004.00000020.00020000.00000000.sdmp, LbgqLv7gT7.exe, 00000000.00000003.1753210531.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW"
    Source: firefox.exe, 0000000F.00000002.3548740814.0000015D6F100000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3547285599.00000266B5860000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Process information queried: ProcessInformation
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 16_2_00000266B5974237 rdtsc 16_2_00000266B5974237
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Code function: 0_2_000FEAA2 BlockInput,0_2_000FEAA2
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Code function: 0_2_000B2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_000B2622
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Code function: 0_2_000842DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_000842DE
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Code function: 0_2_000A4CE8 mov eax, dword ptr fs:[00000030h] 0_2_000A4CE8
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Code function: 0_2_000E0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_000E0B62
    Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Code function: 0_2_000B2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_000B2622
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Code function: 0_2_000A083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_000A083F
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Code function: 0_2_000A09D5 SetUnhandledExceptionFilter,0_2_000A09D5
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Code function: 0_2_000A0C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_000A0C21
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Code function: 0_2_000E1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_000E1201
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Code function: 0_2_000C2BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_000C2BA5
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Code function: 0_2_000EB226 SendInput,keybd_event,0_2_000EB226
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Code function: 0_2_001022DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,0_2_001022DA
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Code function: 0_2_000E0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_000E0B62
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Code function: 0_2_000E1663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_000E1663
    Source: LbgqLv7gT7.exeBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
    Source: LbgqLv7gT7.exe Binary or memory string: Shell_TrayWnd
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Code function: 0_2_000A0698 cpuid 0_2_000A0698
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Code function: 0_2_000DD21C GetLocalTime,0_2_000DD21C
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Code function: 0_2_000DD27A GetUserNameW,0_2_000DD27A
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Code function: 0_2_000BBB6F _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,0_2_000BBB6F
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Code function: 0_2_000842DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_000842DE

    Stealing of Sensitive Information

    Source: Yara match File source: Process Memory Space: LbgqLv7gT7.exe PID: 7436, type: MEMORYSTR
    Source: LbgqLv7gT7.exe Binary or memory string: WIN_81
    Source: LbgqLv7gT7.exe Binary or memory string: WIN_XP
    Source: LbgqLv7gT7.exeBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
    Source: LbgqLv7gT7.exe Binary or memory string: WIN_XPe
    Source: LbgqLv7gT7.exe Binary or memory string: WIN_VISTA
    Source: LbgqLv7gT7.exe Binary or memory string: WIN_7
    Source: LbgqLv7gT7.exe Binary or memory string: WIN_8

    Remote Access Functionality

    Source: Yara match File source: Process Memory Space: LbgqLv7gT7.exe PID: 7436, type: MEMORYSTR
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Code function: 0_2_00101204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,0_2_00101204
    Source: C:\Users\user\Desktop\LbgqLv7gT7.exe Code function: 0_2_00101806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_00101806
    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
    Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 2 Disable or Modify Tools | 21 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
    Credentials | Domains | Default Accounts | 1 Native API | 2 Valid Accounts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 21 Input Capture | 12 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
    Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Extra Window Memory Injection | 2 Obfuscated Files or Information | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 3 Clipboard Data | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 2 Valid Accounts | 1 DLL Side-Loading | NTDS | 16 System Information Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction
    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 21 Access Token Manipulation | 1 Extra Window Memory Injection | LSA Secrets | 131 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
    Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 2 Process Injection | 1 Masquerading | Cached Domain Credentials | 1 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
    DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Valid Accounts | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
    Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Virtualization/Sandbox Evasion | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
    Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 21 Access Token Manipulation | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
    IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 2 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
    Behavior Graph ID: 1576053
    Sample: LbgqLv7gT7.exe | Startdate: 16/12/2024 | Architecture: WINDOWS | Score: 80

    Top level
      DNS/IP: youtube.com; youtube-ui.l.google.com; 34 other IPs or domains
      Signatures: Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; Yara detected Credential Flusher; 3 other signatures
      Started: LbgqLv7gT7.exe; firefox.exe

    LbgqLv7gT7.exe
      Signatures: Binary is likely a compiled AutoIt script file; Found API chain indicative of sandbox detection
      Started: taskkill.exe (3 instances, each started conhost.exe); 3 other processes (started conhost.exe, 2 instances)

    firefox.exe
      Started: firefox.exe
        DNS/IP: youtube.com 142.250.181.78, 443, 49738, 49739 GOOGLEUS United States; prod.detectportal.prod.cloudops.mozgcp.net 34.107.221.82, 49740, 49747, 49749 GOOGLEUS United States; 10 other IPs or domains
        Dropped: C:\Users\user\AppData\...\gmpopenh264.dll.tmp, PE32+; C:\Users\user\...\gmpopenh264.dll (copy), PE32+
        Started: firefox.exe (3 instances)

    Source | Detection | Scanner | Label | Link
    LbgqLv7gT7.exe | 39% | ReversingLabs | Win32.Trojan.Amadey |
    LbgqLv7gT7.exe | 100% | Avira | TR/ATRAPS.Gen |
    LbgqLv7gT7.exe | 100% | Joe Sandbox ML | |

    Source | Detection | Scanner | Label | Link
    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | ReversingLabs | |
    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | ReversingLabs | |
    No Antivirus matches
    No Antivirus matches
    No Antivirus matches
    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                                                                    high
                                                                                                                                                                    https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%firefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-ffirefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://support.mozilla.org/products/firefoxgro.allizom.troppus.places.sqlite-wal.13.drfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_rfirefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://monitor.firefox.com/user/breach-stats?includeResolved=truefirefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-reportfirefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://bugzilla.mozilla.org/show_bug.cgi?id=1584464firefox.exe, 0000000D.00000003.1915590623.000001A3596E7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://safebrowsing.google.com/safebrowsing/diagnostic?site=firefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://monitor.firefox.com/user/dashboardfirefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_IDfirefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://monitor.firefox.com/aboutfirefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          http://mozilla.org/MPL/2.0/.firefox.exe, 0000000D.00000003.1788073101.000001A359944000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1857780022.000001A351599000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1787319673.000001A353A83000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1855179436.000001A3530D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1915590623.000001A3596A2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1897932513.000001A351E33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788073101.000001A35999C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1917576915.000001A3539D2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1859916243.000001A3515F1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1918350016.000001A353350000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1891184014.000001A354DE2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1798002204.000001A35DB5C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1856384868.000001A352CF4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1896219929.000001A3515F1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1896219929.000001A3515CE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1861949523.000001A353AA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1917861120.000001A3533A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 
0000000D.00000003.1762907295.000001A3599AC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1916424564.000001A359669000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1896219929.000001A3515BD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1787273476.000001A3530E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://coverage.mozilla.orgfirefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              http://crl.thawte.com/ThawteTimestampingCA.crl0gmpopenh264.dll.tmp.13.drfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://spocs.getpocket.com/userwfirefox.exe, 00000011.00000002.3544137732.000002114E7F4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  http://x1.c.lencr.org/0firefox.exe, 0000000D.00000003.1912952012.000001A359D66000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1776775748.000001A3525F4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    http://x1.i.lencr.org/0firefox.exe, 0000000D.00000003.1912952012.000001A359D66000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1776775748.000001A3525F4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://infra.spec.whatwg.org/#ascii-whitespacefirefox.exe, 0000000D.00000003.1788073101.000001A359949000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1869386055.000001A359949000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1906692278.000001A359956000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://blocked.cdn.mozilla.net/firefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          https://profiler.firefox.comfirefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            https://outlook.live.com/default.aspx?rru=compose&to=%sfirefox.exe, 0000000D.00000003.1729967441.000001A34EA23000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1922864570.000001A34EA34000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1899651989.000001A34EA39000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1730425346.000001A34EA33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1924089814.000001A34EA39000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1729618598.000001A34EA33000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              https://mozilla.cloudflare-dns.com/dns-queryfirefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                https://bugzilla.mozilla.org/show_bug.cgi?id=1678448firefox.exe, 0000000D.00000003.1789305969.000001A353A2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1789965309.000001A353A2F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  https://mail.yahoo.co.jp/compose/?To=%sfirefox.exe, 0000000D.00000003.1729967441.000001A34EA23000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1922864570.000001A34EA34000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1899651989.000001A34EA39000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1730425346.000001A34EA33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1924089814.000001A34EA39000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1729618598.000001A34EA33000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    high
                                                                                                                                                                                                                    https://addons.mozilla.org/firefox/addon/reddit-enhancement-suite/firefox.exe, 0000000D.00000003.1911770347.000001A35CE5C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      high
                                                                                                                                                                                                                      https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpgfirefox.exe, 0000000F.00000002.3544377521.0000015D6EEE6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3543879560.00000266B53EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3547415061.000002114E903000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drfalse
                                                                                                                                                                                                                        high
                                                                                                                                                                                                                        https://contile.services.mozilla.com/v1/tilesfirefox.exe, 0000000D.00000003.1764385528.000001A3525C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1764325630.000001A35311B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                          high
                                                                                                                                                                                                                          https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/firefox.exe, 0000000D.00000003.1910132835.000001A35D1B0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            high
                                                                                                                                                                                                                            https://monitor.firefox.com/user/preferencesfirefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                              high
                                                                                                                                                                                                                              https://screenshots.firefox.com/firefox.exe, 0000000D.00000003.1727861075.000001A35125D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                high
                                                                                                                                                                                                                                https://www.google.com/searchfirefox.exe, 0000000D.00000003.1727267580.000001A351000000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1764999442.000001A352551000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1727652877.000001A35123E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1727499736.000001A351220000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1728112439.000001A35127B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1727861075.000001A35125D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1873850044.000001A352F69000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                  high
                                                                                                                                                                                                                                  https://gpuweb.github.io/gpuweb/firefox.exe, 0000000D.00000003.1915590623.000001A3596E7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                    high
                                                                                                                                                                                                                                    https://relay.firefox.com/api/v1/firefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                      high
                                                                                                                                                                                                                                      http://json-schema.org/draft-07/schema#-firefox.exe, 0000000D.00000003.1776394399.000001A352A8E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                        high
                                                                                                                                                                                                                                        https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-reportfirefox.exe, 0000000F.00000002.3543918108.0000015D6ECB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3543306863.00000266B5280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3543364532.000002114E440000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                          high
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1576053
Start date and time: 2024-12-16 13:49:30 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 2s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of analysed new started processes analysed: 22
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: LbgqLv7gT7.exe (renamed because original name is a hash value)
Original Sample Name: 8a87cb3c119b985e2e61a8cf06cd0818.exe
Detection: MAL
Classification: mal80.troj.evad.winEXE@34/41@70/12
EGA Information:
• Successful, ratio: 50%
HCA Information:
• Successful, ratio: 96%
• Number of executed functions: 49
• Number of non-executed functions: 296
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
• Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 44.228.225.150, 54.213.181.160, 35.85.93.176, 142.250.181.138, 172.217.17.46, 88.221.134.155, 88.221.134.209, 23.218.208.109, 20.109.210.53, 13.107.246.63, 172.202.163.200
• Excluded domains from analysis (whitelisted): fs.microsoft.com, shavar.prod.mozaws.net, ciscobinary.openh264.org, slscr.update.microsoft.com, otelrules.azureedge.net, incoming.telemetry.mozilla.org, ctldl.windowsupdate.com, a17.rackcdn.com.mdc.edgesuite.net, detectportal.prod.mozaws.net, aus5.mozilla.org, fe3cr.delivery.mp.microsoft.com, a19.dscg10.akamai.net, ocsp.digicert.com, redirector.gvt1.com, safebrowsing.googleapis.com, location.services.mozilla.com
                                                                                                                                                                                                                                                                          • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                                                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                                                                          • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                                                                                          • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                                                                                                                                          • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                                                          • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                                                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                                                          • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                                                                          • VT rate limit hit for: LbgqLv7gT7.exe
                                                                                                                                                                                                                                                                          No simulations
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
34.117.188.166 | fNlxQP0jBz.exe | Get hash | malicious | Credential Flusher | Browse |
34.117.188.166 | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | Browse |
34.117.188.166 | P0HV8mjHS1.exe | Get hash | malicious | Credential Flusher | Browse |
34.117.188.166 | P0HV8mjHS1.exe | Get hash | malicious | Credential Flusher | Browse |
34.117.188.166 | mdPov8VTwi.exe | Get hash | malicious | Credential Flusher | Browse |
34.117.188.166 | mdPov8VTwi.exe | Get hash | malicious | Credential Flusher | Browse |
34.117.188.166 | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | Browse |
34.117.188.166 | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | Browse |
34.117.188.166 | nmy4mJXEaz.exe | Get hash | malicious | Credential Flusher | Browse |
34.149.100.209 | fNlxQP0jBz.exe | Get hash | malicious | Credential Flusher | Browse |
34.149.100.209 | P0HV8mjHS1.exe | Get hash | malicious | Credential Flusher | Browse |
34.149.100.209 | P0HV8mjHS1.exe | Get hash | malicious | Credential Flusher | Browse |
34.149.100.209 | mdPov8VTwi.exe | Get hash | malicious | Credential Flusher | Browse |
34.149.100.209 | mdPov8VTwi.exe | Get hash | malicious | Credential Flusher | Browse |
34.149.100.209 | nmy4mJXEaz.exe | Get hash | malicious | Credential Flusher | Browse |
34.149.100.209 | 6eftz6UKDm.exe | Get hash | malicious | Credential Flusher | Browse |
34.149.100.209 | nmy4mJXEaz.exe | Get hash | malicious | Credential Flusher | Browse |
34.149.100.209 | 6eftz6UKDm.exe | Get hash | malicious | Credential Flusher | Browse |
151.101.65.91 | fNlxQP0jBz.exe | Get hash | malicious | Credential Flusher | Browse |
151.101.65.91 | P0HV8mjHS1.exe | Get hash | malicious | Credential Flusher | Browse |
151.101.65.91 | mdPov8VTwi.exe | Get hash | malicious | Credential Flusher | Browse |
151.101.65.91 | 6eftz6UKDm.exe | Get hash | malicious | Credential Flusher | Browse |
151.101.65.91 | file.exe | Get hash | malicious | Credential Flusher | Browse |
151.101.65.91 | file.exe | Get hash | malicious | Credential Flusher | Browse |
151.101.65.91 | file.exe | Get hash | malicious | Credential Flusher | Browse |
151.101.65.91 | file.exe | Get hash | malicious | Credential Flusher | Browse |
151.101.65.91 | Pl8Tb06C8A.exe | Get hash | malicious | Credential Flusher | Browse |
151.101.65.91 | file.exe | Get hash | malicious | Credential Flusher | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
example.org | fNlxQP0jBz.exe | Get hash | malicious | Credential Flusher | Browse | 93.184.215.14
example.org | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, DCRat, LummaC Stealer, PureLog Stealer | Browse | 93.184.215.14
example.org | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | Browse | 93.184.215.14
example.org | P0HV8mjHS1.exe | Get hash | malicious | Credential Flusher | Browse | 93.184.215.14
example.org | P0HV8mjHS1.exe | Get hash | malicious | Credential Flusher | Browse | 93.184.215.14
example.org | mdPov8VTwi.exe | Get hash | malicious | Credential Flusher | Browse | 93.184.215.14
example.org | mdPov8VTwi.exe | Get hash | malicious | Credential Flusher | Browse | 93.184.215.14
example.org | file.exe | Get hash | malicious | Amadey, LummaC Stealer, Vidar, Xmrig | Browse | 93.184.215.14
example.org | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | Browse | 93.184.215.14
star-mini.c10r.facebook.com | fNlxQP0jBz.exe | Get hash | malicious | Credential Flusher | Browse | 157.240.196.35
star-mini.c10r.facebook.com | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, DCRat, LummaC Stealer, PureLog Stealer | Browse | 157.240.196.35
star-mini.c10r.facebook.com | https://afw.soundestlink.com/ce/c/675c127e5a5226f9e7b86686/675c13ae85cd17d1e3e2ab54/675c13c9f9a08fb1fbb3e577?signature=3f4d77f7452e61cf1e0cb9ce4a3540d02af0944caf975b089573a2fc1d891103 | Get hash | malicious | Unknown | Browse | 157.240.195.35
star-mini.c10r.facebook.com | Herinnering.msg | Get hash | malicious | Unknown | Browse | 157.240.195.35
star-mini.c10r.facebook.com | P0HV8mjHS1.exe | Get hash | malicious | Credential Flusher | Browse | 157.240.195.35
star-mini.c10r.facebook.com | P0HV8mjHS1.exe | Get hash | malicious | Credential Flusher | Browse | 157.240.195.35
star-mini.c10r.facebook.com | mdPov8VTwi.exe | Get hash | malicious | Credential Flusher | Browse | 157.240.196.35
star-mini.c10r.facebook.com | mdPov8VTwi.exe | Get hash | malicious | Credential Flusher | Browse | 157.240.196.35
star-mini.c10r.facebook.com | https://zde.soundestlink.com/ce/c/675fab7ba82aca38b8d991e6/675fabf585cd17d1e3e2bb78/675fac13057112d43b540576?signature=da009f44f7cd45aeae4fbb5addf15ac91fbf725bb5e9405183f25bf1db8c8baa | Get hash | malicious | Unknown | Browse | 157.240.196.35
twitter.com | fNlxQP0jBz.exe | Get hash | malicious | Credential Flusher | Browse | 104.244.42.193
twitter.com | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, DCRat, LummaC Stealer, PureLog Stealer | Browse | 104.244.42.129
twitter.com | P0HV8mjHS1.exe | Get hash | malicious | Credential Flusher | Browse | 104.244.42.129
twitter.com | P0HV8mjHS1.exe | Get hash | malicious | Credential Flusher | Browse | 104.244.42.193
twitter.com | mdPov8VTwi.exe | Get hash | malicious | Credential Flusher | Browse | 104.244.42.65
twitter.com | mdPov8VTwi.exe | Get hash | malicious | Credential Flusher | Browse |
                                                                                                                                                                                                                                                                                                                                  • 104.244.42.65
                                                                                                                                                                                                                                                                                                                                  nmy4mJXEaz.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                  • 104.244.42.65
                                                                                                                                                                                                                                                                                                                                  6eftz6UKDm.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                  • 104.244.42.65
                                                                                                                                                                                                                                                                                                                                  nmy4mJXEaz.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                  • 104.244.42.193
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | fNlxQP0jBz.exe | | malicious | Credential Flusher | |
 | P0HV8mjHS1.exe | | malicious | Credential Flusher | |
 | P0HV8mjHS1.exe | | malicious | Credential Flusher | |
 | mdPov8VTwi.exe | | malicious | Credential Flusher | |
 | mdPov8VTwi.exe | | malicious | Credential Flusher | |
 | nmy4mJXEaz.exe | | malicious | Credential Flusher | |
 | 6eftz6UKDm.exe | | malicious | Credential Flusher | |
 | nmy4mJXEaz.exe | | malicious | Credential Flusher | |
 | 6eftz6UKDm.exe | | malicious | Credential Flusher | |
Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: JSON data
Category: dropped
Size (bytes): 7813
Entropy (8bit): 5.184326301307516
Encrypted: false
SSDEEP: 192:KjMXh9WcbhbVbTbfbRbObtbyEl7nErG8JA6WnSrDtTUd/SkDrj:KY6cNhnzFSJkraBnSrDhUd/F
MD5: B3D17981F19311BF3ED8B4C5129E3D4E
SHA1: E32A67F40824702FB53B423F6B1EF51FAD850CD9
SHA-256: 27C79B75FD7AB80F3E3753637196239A2873FCC5EA57F36A18B80E00F5660354
SHA-512: 2775598A8157DB6BEF950DD6B3264FD83C68FD53EFCADFA2B4135F217CB45C33CFFEC1C8505882E757064D154071383CAF2DA8EFE200DAB9FC53861F2E0CD4C6
Malicious: false
Preview: {"type":"uninstall","id":"a4f9c5fd-5b98-4a5c-9efe-74b7a1ad47b5","creationDate":"2024-12-16T14:20:14.626Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"65e71c9e-6ac3-4903-9066-b134350de32c","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:MS Windows icon resource - 1 icon, 16x16 with PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced, 24 bits/pixel
                                                                                                                                                                                                                                                                                                                                                    Category:modified
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):490
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.246483341090937
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12:l8v/7J2T+gwjz+vdzLSMO9mj253UT3BcHXhJo:82CgwS//O91iT3BUXh6
                                                                                                                                                                                                                                                                                                                                                    MD5:BD9751DFFFEFFA2154CC5913489ED58C
                                                                                                                                                                                                                                                                                                                                                    SHA1:1C9230053C45CA44883103A6ACFDF49AC53ABF45
                                                                                                                                                                                                                                                                                                                                                    SHA-256:834C4F18E96CFDAA395246183DE76032F1B77886764CEEBE52F6A146FA4D4C3B
                                                                                                                                                                                                                                                                                                                                                    SHA-512:01072F60F4B2489BB84639A6179A82A3EA90A31C1AD61D30EF27800C3114DB5E45662583E1C0B5382F51635DC14372EFC71DCD069999D6B21A5D256C70697790
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.4593089050301797
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
                                                                                                                                                                                                                                                                                                                                                    MD5:D910AD167F0217587501FDCDB33CC544
                                                                                                                                                                                                                                                                                                                                                    SHA1:2F57441CEFDC781011B53C1C5D29AC54835AFC1D
                                                                                                                                                                                                                                                                                                                                                    SHA-256:E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
                                                                                                                                                                                                                                                                                                                                                    SHA-512:F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Preview:... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):453023
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.997718157581587
                                                                                                                                                                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
                                                                                                                                                                                                                                                                                                                                                    MD5:85430BAED3398695717B0263807CF97C
                                                                                                                                                                                                                                                                                                                                                    SHA1:FFFBEE923CEA216F50FCE5D54219A188A5100F41
                                                                                                                                                                                                                                                                                                                                                    SHA-256:A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
                                                                                                                                                                                                                                                                                                                                                    SHA-512:06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):5488
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.3052756114782733
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24:OdfP22AIFTIUx2dWoM15nLN8zmjdfP22AIFswM+bpoqdWoM15nLFX1RgmtdfP22P:OdiICUgdwwzEdiIC6BdwImdiIiadwq1
                                                                                                                                                                                                                                                                                                                                                    MD5:4DA0951B0518A3EDD78E34CA19E4DC34
                                                                                                                                                                                                                                                                                                                                                    SHA1:E1DBF993D5742DD1D97091A21B4E91773DA2DBB9
                                                                                                                                                                                                                                                                                                                                                    SHA-256:3C99A7210110FF59D35B398229C9849DDB2A073BA35754256139E95475A602AB
                                                                                                                                                                                                                                                                                                                                                    SHA-512:81E6435FFBDA9743FD0A45E5D4A1DEFBB269B3A8B856AC4D6A47DFF538A08A7EF2F94114CE884E8591B31D2B0692E56DB649417F200A0FE52847D247F761E7BD
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Preview:...................................FL..................F.@.. ...p.......[....O..........S...........................P.O. .:i.....+00.../C:\.....................1.....DW.V..PROGRA~1..t......O.I.YMf....B...............J.....i...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....h.1.....CW.X..MOZILL~1..P......CW}W.YMf............................>.M.o.z.i.l.l.a. .F.i.r.e.f.o.x.....b.2..S..<W,. .firefox.exe.H......CW}W.YMf..............................f.i.r.e.f.o.x...e.x.e.......[...............-.......Z...........&........C:\Program Files\Mozilla Firefox\firefox.exe....O.p.e.n. .a. .n.e.w. .b.r.o.w.s.e.r. .t.a.b.....-.n.e.w.-.t.a.b. .a.b.o.u.t.:.b.l.a.n.k.,.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.M.o.z.i.l.l.a. .F.i.r.e.f.o.x.\.f.i.r.e.f.o.x...e.x.e.........%ProgramFiles%\Mozilla Firefox\firefox.exe................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):5488
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.3052756114782733
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24:OdfP22AIFTIUx2dWoM15nLN8zmjdfP22AIFswM+bpoqdWoM15nLFX1RgmtdfP22P:OdiICUgdwwzEdiIC6BdwImdiIiadwq1
                                                                                                                                                                                                                                                                                                                                                    MD5:4DA0951B0518A3EDD78E34CA19E4DC34
                                                                                                                                                                                                                                                                                                                                                    SHA1:E1DBF993D5742DD1D97091A21B4E91773DA2DBB9
                                                                                                                                                                                                                                                                                                                                                    SHA-256:3C99A7210110FF59D35B398229C9849DDB2A073BA35754256139E95475A602AB
                                                                                                                                                                                                                                                                                                                                                    SHA-512:81E6435FFBDA9743FD0A45E5D4A1DEFBB269B3A8B856AC4D6A47DFF538A08A7EF2F94114CE884E8591B31D2B0692E56DB649417F200A0FE52847D247F761E7BD
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):5488
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.3052756114782733
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24:OdfP22AIFTIUx2dWoM15nLN8zmjdfP22AIFswM+bpoqdWoM15nLFX1RgmtdfP22P:OdiICUgdwwzEdiIC6BdwImdiIiadwq1
                                                                                                                                                                                                                                                                                                                                                    MD5:4DA0951B0518A3EDD78E34CA19E4DC34
                                                                                                                                                                                                                                                                                                                                                    SHA1:E1DBF993D5742DD1D97091A21B4E91773DA2DBB9
                                                                                                                                                                                                                                                                                                                                                    SHA-256:3C99A7210110FF59D35B398229C9849DDB2A073BA35754256139E95475A602AB
                                                                                                                                                                                                                                                                                                                                                    SHA-512:81E6435FFBDA9743FD0A45E5D4A1DEFBB269B3A8B856AC4D6A47DFF538A08A7EF2F94114CE884E8591B31D2B0692E56DB649417F200A0FE52847D247F761E7BD
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Preview:...................................FL..................F.@.. ...p.......[....O..........S...........................P.O. .:i.....+00.../C:\.....................1.....DW.V..PROGRA~1..t......O.I.YMf....B...............J.....i...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....h.1.....CW.X..MOZILL~1..P......CW}W.YMf............................>.M.o.z.i.l.l.a. .F.i.r.e.f.o.x.....b.2..S..<W,. .firefox.exe.H......CW}W.YMf..............................f.i.r.e.f.o.x...e.x.e.......[...............-.......Z...........&........C:\Program Files\Mozilla Firefox\firefox.exe....O.p.e.n. .a. .n.e.w. .b.r.o.w.s.e.r. .t.a.b.....-.n.e.w.-.t.a.b. .a.b.o.u.t.:.b.l.a.n.k.,.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.M.o.z.i.l.l.a. .F.i.r.e.f.o.x.\.f.i.r.e.f.o.x...e.x.e.........%ProgramFiles%\Mozilla Firefox\firefox.exe................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):3621
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.9288509285237385
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:48:YnSwkmrOfJNmPUFpOdwNIOdoWLEWLtkDLuuukx5FBvipA6kbbXjQthvLuhakN19I:8S+OfJQPUFpOdwNIOdYVjvYcXaNLCP8P
                                                                                                                                                                                                                                                                                                                                                    MD5:FF0BA373C370E42F4C6F2B3C27F2B55D
                                                                                                                                                                                                                                                                                                                                                    SHA1:8C9093742136504FFF0E0250C3FD07BC60711DC0
                                                                                                                                                                                                                                                                                                                                                    SHA-256:4FC9EFB08D6CA2A08B8FEE96FC4D3695CCC451B950753C72753BC48FEEDF00F0
                                                                                                                                                                                                                                                                                                                                                    SHA-512:493724B5EDDAC35EC4361985A52CE483F1A9B7680A2A616640D0F93D37DA1BF6B7694A68FD5130738BD1DE5BB6F1D83796E355BC33E538D87E906F51E5095509
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Preview:{"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"c5d95379-f4ee-4629-a507-6f15a0e93cd4","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-03T11:50:29.548Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"serp-ad-telemetry-rollout":{"slug":"serp-ad-telemetry-rollout","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pr
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:Mozilla lz4 compressed data, originally 23432 bytes
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):5312
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.615424734763731
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:96:V2YbKsKNU2xWrp327tGmD4wBON6h6cHaJVJuZMd0JGkkrw2D:VTx2x2t0FDJ4NpwZMd0EJws
                                                                                                                                                                                                                                                                                                                                                    MD5:1B9C8056D3619CE5A8C59B0C09873F17
                                                                                                                                                                                                                                                                                                                                                    SHA1:1015C630E1937AA63F6AB31743782ECB5D78CCD8
                                                                                                                                                                                                                                                                                                                                                    SHA-256:A6AE5DE0733FED050AB570AD9374FF4593D554F695B5AE4E2495871D171D34A3
                                                                                                                                                                                                                                                                                                                                                    SHA-512:B1DC9CC675D5476C270A2D5B214D3DF2B3856576ED7EFE92D9A606C2D9D34E781018902AE75CE9C1E25007BB7F8D8F7B52997E6F05B845EF44BAF22F614FE899
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Preview:mozLz40..[....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."*://login.microsoftonline.com/*","..@us/*L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay*....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:Mozilla lz4 compressed data, originally 23432 bytes
Category:dropped
Size (bytes):5312
Entropy (8bit):6.615424734763731
Encrypted:false
SSDEEP:96:V2YbKsKNU2xWrp327tGmD4wBON6h6cHaJVJuZMd0JGkkrw2D:VTx2x2t0FDJ4NpwZMd0EJws
MD5:1B9C8056D3619CE5A8C59B0C09873F17
SHA1:1015C630E1937AA63F6AB31743782ECB5D78CCD8
SHA-256:A6AE5DE0733FED050AB570AD9374FF4593D554F695B5AE4E2495871D171D34A3
SHA-512:B1DC9CC675D5476C270A2D5B214D3DF2B3856576ED7EFE92D9A606C2D9D34E781018902AE75CE9C1E25007BB7F8D8F7B52997E6F05B845EF44BAF22F614FE899
Malicious:false
Preview:mozLz40..[....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."*://login.microsoftonline.com/*","..@us/*L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay*....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):24
Entropy (8bit):3.91829583405449
Encrypted:false
SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
MD5:3088F0272D29FAA42ED452C5E8120B08
SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
Malicious:false
Preview:{"schema":6,"addons":[]}
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):24
Entropy (8bit):3.91829583405449
Encrypted:false
SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
MD5:3088F0272D29FAA42ED452C5E8120B08
SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
Malicious:false
Preview:{"schema":6,"addons":[]}
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:SQLite 3.x database, user version 5, last written using SQLite version 3042000, page size 32768, file counter 5, database pages 8, cookie 0x6, schema 4, largest root page 8, UTF-8, vacuum mode 1, version-valid-for 5
Category:dropped
Size (bytes):262144
Entropy (8bit):0.04905391753567332
Encrypted:false
SSDEEP:24:DLivwae+Q8Uu50xj0aWe9LxYkKA25Q5tvAA:D6wae+QtMImelekKDa5
MD5:DD9D28E87ED57D16E65B14501B4E54D1
SHA1:793839B47326441BE2D1336BA9A61C9B948C578D
SHA-256:BB4E6C58C50BD6399ED70468C02B584595C29F010B66F864CD4D6B427FA365BC
SHA-512:A2626F6A3CBADE62E38DA5987729D99830D0C6AA134D4A9E615026A5F18ACBB11A2C3C80917DAD76DA90ED5BAA9B0454D4A3C2DD04436735E78C974BA1D035B1
Malicious:false
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:Mozilla lz4 compressed data, originally 56 bytes
Category:dropped
Size (bytes):66
Entropy (8bit):4.837595020998689
Encrypted:false
SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
Malicious:false
Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:Mozilla lz4 compressed data, originally 56 bytes
Category:dropped
Size (bytes):66
Entropy (8bit):4.837595020998689
Encrypted:false
SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
Malicious:false
Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):36830
Entropy (8bit):5.185924656884556
Encrypted:false
SSDEEP:768:wI43DvfWXf4E6C4p4EC4Y4QfEWvM4B4QS4z4444XQ4U:wUfdvk
MD5:5656BA69BD2966108A461AAE35F60226
SHA1:9C2E5AE52D82CEA43C4A5FFF205A7700CF54D61C
SHA-256:587596712960B26EAC18CB354CCD633FFDB218E374A9D59EFEA843914D7AB299
SHA-512:38F715AD9156558B5D57CA2E75FB0FFE0C5C6728BD94484B8F15E090120DDD02DCE42DBC9CC7143AD6552460A5F3A40E577FAF1D76D5D40B25CDBE636F250054
Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{60024e8e-cfd0-41e5-965d-7128c7dcf0e8}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                                                                                                                                                                    MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                                                                                                                                                    SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                                                                                                                                                    SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                                                                                                                                                    SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1021904
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.648417932394748
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                                                                                                                                                                                                                                                                                                                    MD5:FE3355639648C417E8307C6D051E3E37
                                                                                                                                                                                                                                                                                                                                                    SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                                                                                                                                                                                                                                                                                                                    SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                                                                                                                                                                                                                                                                                                                    SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox View:
                                                                                                                                                                                                                                                                                                                                                    • Filename: fNlxQP0jBz.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                    • Filename: P0HV8mjHS1.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                    • Filename: P0HV8mjHS1.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                    • Filename: mdPov8VTwi.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                    • Filename: mdPov8VTwi.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                    • Filename: nmy4mJXEaz.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                    • Filename: 6eftz6UKDm.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                    • Filename: nmy4mJXEaz.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                    • Filename: 6eftz6UKDm.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):116
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.968220104601006
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                                                                                                                                                                                                                                                                                                    MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                                                                                                                                                                                                                                                                                                    SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                                                                                                                                                                                                                                                                                                    SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                                                                                                                                                                                                                                                                                                    SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):98304
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.07326491022133522
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12:DBl/A0OWla0mwPxRymgObsCVR45wcYR4fmnsCVR4zkir:DLhesh7Owd4+ji
                                                                                                                                                                                                                                                                                                                                                    MD5:DD0A4CD5B5B32E586E7E37EE5B5E8D7D
                                                                                                                                                                                                                                                                                                                                                    SHA1:2C71931319DDF2BCCBC0171EF77C811AD45F5055
                                                                                                                                                                                                                                                                                                                                                    SHA-256:BE890C14F436D1F50F8EAF9E671A099585F64F5CE58BCE91316C7B2F1C364DD2
                                                                                                                                                                                                                                                                                                                                                    SHA-512:8010864DCEB2D43F8A86209E2BDB58F6CD00CBC77470BBCA72804451906AC0552466966E1F91ADF835E67E00FAFF25DBF7BCF3BEF823FC9DA54EF96159CA4334
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.039873451571426154
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:3:GHlhVxIZIjoiddlhVxIZIjoiCol8a9//Ylll4llqlyllel4lt:G7VoI3hVoI7L9XIwlio
                                                                                                                                                                                                                                                                                                                                                    MD5:EEF077D2B763EDCB50764A47F0B1FB8C
                                                                                                                                                                                                                                                                                                                                                    SHA1:3F07216A3DC9B1822977A11C3C4293964046CCD4
                                                                                                                                                                                                                                                                                                                                                    SHA-256:907423075EDC9074DDE6A6D6F0359789FC0A685C42F6459023BA48594A4E1C80
                                                                                                                                                                                                                                                                                                                                                    SHA-512:612613D2CBBAB9C36258EB062C714DC19FD50AB9CAA327A2A2875FDFADAF1F7C0ECA2C512E8C82664763988B3705D4491F99484440E15DBB40F9E6197B81E2C6
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):163992
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.11798880308995584
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24:Kxd9XfktLxsZ+TdjxsMltTAUCF2QWUCZ7CCQE/TKCbCMxsaxASwl0VZ2i7+:YRMzQ6JtUnWdU+RVxArkZk
                                                                                                                                                                                                                                                                                                                                                    MD5:5F2458454F188AB78B9DF91DB169EA30
                                                                                                                                                                                                                                                                                                                                                    SHA1:C42C9CCF18A33DA482BC4F4B41DD834A6CC88DC2
                                                                                                                                                                                                                                                                                                                                                    SHA-256:69A179DB8D9B75C06B243E46939004C8830F7F1A43258EB1EAEE6952BB3054E5
                                                                                                                                                                                                                                                                                                                                                    SHA-512:766F18C25ECCBB2A732B1818014C6B2309344157DCA06F47D9B80923DECC2A426E747058A931170A58078D8D85025B9CE1548945F51AD9A7DA06911EA5008DBF
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1809), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):13254
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.496471972564714
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:192:hnaRtLYbBp6qhj4qyaaXy6KcyN6S5RfGNBw8dzSl:seYqOTepcwo0
                                                                                                                                                                                                                                                                                                                                                    MD5:E6DE3DF13486D6C368AC38C38EE7416C
                                                                                                                                                                                                                                                                                                                                                    SHA1:CCC9ECE002E2CC5D69FA67E6906B8E62412E7FB4
                                                                                                                                                                                                                                                                                                                                                    SHA-256:B7E6569D8604DC58C60FFED220CEFEA234294132BF24F907BE1417CEA3E1B792
                                                                                                                                                                                                                                                                                                                                                    SHA-512:CE6350E14AA79FC318409821933F83BAC3902A21FDA05C247238168E0FCCBBC05C2CC0729ADC945755C55DFC8467E2CDCC84B3778B441A31811677F0E72EAF44
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1734358784);..user_pref("app.update.lastUpdateTime.background-update-timer", 1734358784);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1734358784);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 173435
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, user version 1, last written using SQLite version 3042000, page size 32768, file counter 5, database pages 2, cookie 0x1, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):65536
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.04062825861060003
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:6:ltBl/l4/WN1h4BEJYqWvLue3FMOrMZ0l:DBl/WuntfJiFxMZO
                                                                                                                                                                                                                                                                                                                                                    MD5:18F65713B07CB441E6A98655B726D098
                                                                                                                                                                                                                                                                                                                                                    SHA1:2CEFA32BC26B25BE81C411B60C9925CB0F1F8F88
                                                                                                                                                                                                                                                                                                                                                    SHA-256:B6C268E48546B113551A5AF9CA86BB6A462A512DE6C9289315E125CEB0FD8621
                                                                                                                                                                                                                                                                                                                                                    SHA-512:A6871076C7D7ED53B630F9F144ED04303AD54A2E60B94ECA2AA96964D1AB375EEFDCA86CE0D3EB0E9DBB81470C6BD159877125A080C95EB17E54A52427F805FB
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................j.......x..x..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):90
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.194538242412464
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
                                                                                                                                                                                                                                                                                                                                                    MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
                                                                                                                                                                                                                                                                                                                                                    SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                                                                                                                                                                                                                                                                                                                                    SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                                                                                                                                                                                                                                                                                                                                    SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:Mozilla lz4 compressed data, originally 5862 bytes
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1603
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.354550544114547
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24:vkSUGlcAxSqao2LXnIgf/pnMHwRlsIgZspH8GH3j6xiM8tdL/5QH2oXfVurD/I0/:cpOxDao2htRLgZYrGxH85k9gw6w4
                                                                                                                                                                                                                                                                                                                                                    MD5:BB17BD8851BDF5B704793C02C35A99D7
                                                                                                                                                                                                                                                                                                                                                    SHA1:E5E16CF18E7558CD9D9319544BA13F02CA7A6B1D
                                                                                                                                                                                                                                                                                                                                                    SHA-256:9C210FA36C3CD5E4370694B31B8B924ED461928B9ABB162493FDD302DCB1B8D0
                                                                                                                                                                                                                                                                                                                                                    SHA-512:4E507673115ADFBCFA7109573F07B4FB76CA5F2372525BCCF45FC550367914A44618C9D59FB8694281EC83C48BDF0304836EB0B5B8AE178EA73D4C3A736E8478
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":6,"docshellUU...D"{c78d1c2f-be43-4975-b5d9-3a8587ebcdbb}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":7,"persistK..+}],"lastAccessed":1734358789450,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI...#0,"image":"chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2167541758...dth":128....eight":1024,"screenX......Y..Aizem..."maximize......BeforeMin...&..workspace:...1a5ccf63-1000-409f-b5c1-afec7f75d4d9","zE..1...Wn..m........k..;....1":{..jUpdate...1,"startTim..P53807...centCrash..B0},".....Dcook.. hod..."addons.mozilla.org","valu...A8bad2467092e6ddeb0dfa9e5ea54d86d26790ca7ba2ce88d10cb4604fe726755","path":"/","na..a"taarI|.Recure...,a.Donly..fexpiry...60140,"originA..
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:Mozilla lz4 compressed data, originally 5862 bytes
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1603
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.354550544114547
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24:vkSUGlcAxSqao2LXnIgf/pnMHwRlsIgZspH8GH3j6xiM8tdL/5QH2oXfVurD/I0/:cpOxDao2htRLgZYrGxH85k9gw6w4
                                                                                                                                                                                                                                                                                                                                                    MD5:BB17BD8851BDF5B704793C02C35A99D7
                                                                                                                                                                                                                                                                                                                                                    SHA1:E5E16CF18E7558CD9D9319544BA13F02CA7A6B1D
                                                                                                                                                                                                                                                                                                                                                    SHA-256:9C210FA36C3CD5E4370694B31B8B924ED461928B9ABB162493FDD302DCB1B8D0
                                                                                                                                                                                                                                                                                                                                                    SHA-512:4E507673115ADFBCFA7109573F07B4FB76CA5F2372525BCCF45FC550367914A44618C9D59FB8694281EC83C48BDF0304836EB0B5B8AE178EA73D4C3A736E8478
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":6,"docshellUU...D"{c78d1c2f-be43-4975-b5d9-3a8587ebcdbb}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":7,"persistK..+}],"lastAccessed":1734358789450,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI...#0,"image":"chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2167541758...dth":128....eight":1024,"screenX......Y..Aizem..."maximize......BeforeMin...&..workspace:...1a5ccf63-1000-409f-b5c1-afec7f75d4d9","zE..1...Wn..m........k..;....1":{..jUpdate...1,"startTim..P53807...centCrash..B0},".....Dcook.. hod..."addons.mozilla.org","valu...A8bad2467092e6ddeb0dfa9e5ea54d86d26790ca7ba2ce88d10cb4604fe726755","path":"/","na..a"taarI|.Recure...,a.Donly..fexpiry...60140,"originA..
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, user version 131075, last written using SQLite version 3042000, page size 512, file counter 6, database pages 8, cookie 0x4, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):2.0836444556178684
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24:JBwdh/cEUcR9PzNFPFHx/GJRBdkOrDcRB1trwDeAq2gRMyxr3:jnEUo9LXtR+JdkOnohYsl
                                                                                                                                                                                                                                                                                                                                                    MD5:8B40B1534FF0F4B533AF767EB5639A05
                                                                                                                                                                                                                                                                                                                                                    SHA1:63EDB539EA39AD09D701A36B535C4C087AE08CC9
                                                                                                                                                                                                                                                                                                                                                    SHA-256:AF275A19A5C2C682139266065D90C237282274D11C5619A121B7BDBDB252861B
                                                                                                                                                                                                                                                                                                                                                    SHA-512:54AF707698CED33C206B1B193DA414D630901762E88E37E99885A50D4D5F8DDC28367C9B401DFE251CF0552B4FA446EE28F78A97C9096AFB0F2898BFBB673B53
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):4537
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.034134656523924
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:48:YrSAYP6UQZpExB1+anOsW4Vh351VxWRzzc8eYMsku7f86SLAVL7if5FtsfAcbyJW:ycPyTEr5QFRzzcMvbw6KkCrrc2Rn27
                                                                                                                                                                                                                                                                                                                                                    MD5:353D7B6095ADB0B4D867836E21D1D62A
                                                                                                                                                                                                                                                                                                                                                    SHA1:E4CE7C43768D0AD791A63391ACC07AE47125CD74
                                                                                                                                                                                                                                                                                                                                                    SHA-256:D2C2CE03E48528D75407E53DBEA28E670F717E6AB1B9F9BE2B235C616A6D93C1
                                                                                                                                                                                                                                                                                                                                                    SHA-512:F57E4EA1450E5F243EB138D988C33AAF3E114D0EBE1823EAD0FDC13E9F75D4308B61A98826ABDB5C315D11B6787238DD0B7362EE35E04FE65CA89D307B0BB29A
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-12-16T14:19:32.257Z","profileAgeCreated":1696333826043,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):156
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.411137816108237
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:3:YGNDhK6c2us1pNGHfYL2HEYwgL2HEmxhHtifYYMgEYyibudJ8KgfHVEW1:YGNTG/I2XV2fEzLEJ8Kgf1Ew
                                                                                                                                                                                                                                                                                                                                                    MD5:AAC5F6FC2FA4A5691A244B46164834FD
                                                                                                                                                                                                                                                                                                                                                    SHA1:F011E46647F4C402B798C285DE982A6BB9EC73BF
                                                                                                                                                                                                                                                                                                                                                    SHA-256:BE115879DA967E2C1213870515E049801E5950D1179325B99891869A40263BB0
                                                                                                                                                                                                                                                                                                                                                    SHA-512:963486CF702B7623C20123B669F538ADBC51B996E67AB52EDE4635FF05034CA28A3926A98656CB5E8E9BB2C1FBAD338744B312B4673585FD9810AA6E36D343EC
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Preview:{"chrome://browser/content/browser.xhtml":{"sidebar-box":{"sidebarcommand":"","style":""},"sidebar-title":{"value":""},"main-window":{"sizemode":"normal"}}}
                                                                                                                                                                                                                                                                                                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.704157003073188
                                                                                                                                                                                                                                                                                                                                                    TrID:
                                                                                                                                                                                                                                                                                                                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                                                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                                                                                                    File name:LbgqLv7gT7.exe
                                                                                                                                                                                                                                                                                                                                                    File size:970'752 bytes
                                                                                                                                                                                                                                                                                                                                                    MD5:8a87cb3c119b985e2e61a8cf06cd0818
                                                                                                                                                                                                                                                                                                                                                    SHA1:e6124f9f0f77e0a6b27967a14fdf0fd78da2b250
                                                                                                                                                                                                                                                                                                                                                    SHA256:894c5da5da98ac10385ee094d14998a19d6366b90be0406640212175e2bfdc6f
                                                                                                                                                                                                                                                                                                                                                    SHA512:24fdc466165c38ddcebe62ffbb362979c5d5c4be9023c4d64c8802b426ea3e9765853407d374125ffe7d1dbc1d1ea845021eb4805c62a420cd6898e57d3cec86
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:eqDEvCTbMWu7rQYlBQcBiT6rprG8a4Qq0:eTvC/MTQYxsWR7a4x
                                                                                                                                                                                                                                                                                                                                                    TLSH:B025AE0273D1C062FF9B92334B9AF6515BBC69260123E61F13A81DB9BD701B1563E7A3
                                                                                                                                                                                                                                                                                                                                                    File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
                                                                                                                                                                                                                                                                                                                                                    Icon Hash:aaf3e3e3938382a0
                                                                                                                                                                                                                                                                                                                                                    Entrypoint:0x420577
                                                                                                                                                                                                                                                                                                                                                    Entrypoint Section:.text
                                                                                                                                                                                                                                                                                                                                                    Digitally signed:false
                                                                                                                                                                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                                                                                                                                                                    Subsystem:windows gui
                                                                                                                                                                                                                                                                                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                                                                                                                                                                                                                                                    DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                                                                                                    Time Stamp:0x675FE393 [Mon Dec 16 08:23:47 2024 UTC]
                                                                                                                                                                                                                                                                                                                                                    TLS Callbacks:
                                                                                                                                                                                                                                                                                                                                                    CLR (.Net) Version:
                                                                                                                                                                                                                                                                                                                                                    OS Version Major:5
                                                                                                                                                                                                                                                                                                                                                    OS Version Minor:1
                                                                                                                                                                                                                                                                                                                                                    File Version Major:5
                                                                                                                                                                                                                                                                                                                                                    File Version Minor:1
                                                                                                                                                                                                                                                                                                                                                    Subsystem Version Major:5
                                                                                                                                                                                                                                                                                                                                                    Subsystem Version Minor:1
                                                                                                                                                                                                                                                                                                                                                    Import Hash:948cc502fe9226992dce9417f952fce3
                                                                                                                                                                                                                                                                                                                                                    Instruction
                                                                                                                                                                                                                                                                                                                                                    call 00007F29A46D9E73h
                                                                                                                                                                                                                                                                                                                                                    jmp 00007F29A46D977Fh
                                                                                                                                                                                                                                                                                                                                                    push ebp
                                                                                                                                                                                                                                                                                                                                                    mov ebp, esp
                                                                                                                                                                                                                                                                                                                                                    push esi
                                                                                                                                                                                                                                                                                                                                                    push dword ptr [ebp+08h]
                                                                                                                                                                                                                                                                                                                                                    mov esi, ecx
                                                                                                                                                                                                                                                                                                                                                    call 00007F29A46D995Dh
                                                                                                                                                                                                                                                                                                                                                    mov dword ptr [esi], 0049FDF0h
                                                                                                                                                                                                                                                                                                                                                    mov eax, esi
                                                                                                                                                                                                                                                                                                                                                    pop esi
                                                                                                                                                                                                                                                                                                                                                    pop ebp
                                                                                                                                                                                                                                                                                                                                                    retn 0004h
                                                                                                                                                                                                                                                                                                                                                    and dword ptr [ecx+04h], 00000000h
                                                                                                                                                                                                                                                                                                                                                    mov eax, ecx
                                                                                                                                                                                                                                                                                                                                                    and dword ptr [ecx+08h], 00000000h
                                                                                                                                                                                                                                                                                                                                                    mov dword ptr [ecx+04h], 0049FDF8h
                                                                                                                                                                                                                                                                                                                                                    mov dword ptr [ecx], 0049FDF0h
                                                                                                                                                                                                                                                                                                                                                    ret
                                                                                                                                                                                                                                                                                                                                                    push ebp
                                                                                                                                                                                                                                                                                                                                                    mov ebp, esp
                                                                                                                                                                                                                                                                                                                                                    push esi
                                                                                                                                                                                                                                                                                                                                                    push dword ptr [ebp+08h]
                                                                                                                                                                                                                                                                                                                                                    mov esi, ecx
                                                                                                                                                                                                                                                                                                                                                    call 00007F29A46D992Ah
                                                                                                                                                                                                                                                                                                                                                    mov dword ptr [esi], 0049FE0Ch
                                                                                                                                                                                                                                                                                                                                                    mov eax, esi
                                                                                                                                                                                                                                                                                                                                                    pop esi
Programming Language:
• [ C ] VS2008 SP1 build 30729
• [IMP] VS2008 SP1 build 30729
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0x1652c | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xeb000 | 0x7594 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0xd4000 | 0x1652c | 0x16600 | c1a10250de16de6f4a5e964566779044 | False | 0.7037251222067039 | data | 7.1780439596010925 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0xeb000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0xd45f0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216 |
| RT_ICON | 0xd4718 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027 |
| RT_ICON | 0xd4840 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135 |
| RT_ICON | 0xd4968 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333 |
| RT_ICON | 0xd4c50 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5 |
| RT_ICON | 0xd4d78 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388 |
| RT_ICON | 0xd5c20 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524 |
| RT_ICON | 0xd64c8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918 |
| RT_ICON | 0xd6a30 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727 |
| RT_ICON | 0xd8fd8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496 |
| RT_ICON | 0xda080 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227 |
| RT_MENU | 0xda4e8 | 0x50 | data | English | Great Britain | 0.9 |
| RT_DIALOG | 0xda538 | 0xfc | data | English | Great Britain | 0.6507936507936508 |
| RT_STRING | 0xda634 | 0x594 | data | English | Great Britain | 0.3333333333333333 |
| RT_STRING | 0xdabc8 | 0x68a | data | English | Great Britain | 0.2735961768219833 |
| RT_STRING | 0xdb254 | 0x490 | data | English | Great Britain | 0.3715753424657534 |
| RT_STRING | 0xdb6e4 | 0x5fc | data | English | Great Britain | 0.3087467362924282 |
| RT_STRING | 0xdbce0 | 0x65c | data | English | Great Britain | 0.34336609336609336 |
| RT_STRING | 0xdc33c | 0x466 | data | English | Great Britain | 0.3605683836589698 |
| RT_STRING | 0xdc7a4 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186 |
| RT_RCDATA | 0xdc8fc | 0xd6ae | data | | | 1.00047308854034 |
| RT_GROUP_ICON | 0xe9fac | 0x76 | data | English | Great Britain | 0.6610169491525424 |
| RT_GROUP_ICON | 0xea024 | 0x14 | data | English | Great Britain | 1.25 |
                                                                                                                                                                                                                                                                                                                                                    RT_GROUP_ICON0xea0380x14dataEnglishGreat Britain1.15
                                                                                                                                                                                                                                                                                                                                                    RT_GROUP_ICON0xea04c0x14dataEnglishGreat Britain1.25
                                                                                                                                                                                                                                                                                                                                                    RT_VERSION0xea0600xdcdataEnglishGreat Britain0.6181818181818182
                                                                                                                                                                                                                                                                                                                                                    RT_MANIFEST0xea13c0x3efASCII text, with CRLF line terminatorsEnglishGreat Britain0.5074478649453823
DLL | Import
WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL | GetProcessMemoryInfo
IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll | IsThemeActive
KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll | GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll | EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll | CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture
Language of compilation system | Country where language is spoken | Map
English | Great Britain
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:30.918598890 CET49741443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:30.918625116 CET4434974134.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:30.919997931 CET49742443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:30.920038939 CET4434974234.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:31.058295965 CET49743443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:31.058335066 CET4434974335.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:31.058496952 CET49743443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:31.058630943 CET49743443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:31.058645964 CET4434974335.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:31.279939890 CET49744443192.168.2.434.160.144.191
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:31.280035973 CET4434974434.160.144.191192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:31.286941051 CET49744443192.168.2.434.160.144.191
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:31.287142038 CET49744443192.168.2.434.160.144.191
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:31.287178040 CET4434974434.160.144.191192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:31.750284910 CET804974034.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:31.799503088 CET4974080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:32.169713974 CET4434974234.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:32.169747114 CET4434974134.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:32.169946909 CET49741443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:32.169949055 CET49742443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:32.174958944 CET49742443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:32.174988985 CET4434974234.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:32.175283909 CET4434974234.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:32.175348997 CET49742443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:32.175369024 CET4434974234.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:32.175829887 CET49746443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:32.175899982 CET4434974634.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:32.176939011 CET49741443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:32.176949978 CET4434974134.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:32.177010059 CET49741443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:32.177150011 CET4434974134.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:32.177289009 CET49742443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:32.177320957 CET49746443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:32.177858114 CET49741443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:32.178761005 CET49746443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:32.178796053 CET4434974634.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:32.203274012 CET4974780192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:32.238343000 CET44349739142.250.181.78192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:32.238432884 CET49739443192.168.2.4142.250.181.78
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:32.239412069 CET44349739142.250.181.78192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:32.239479065 CET49739443192.168.2.4142.250.181.78
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:32.243334055 CET44349738142.250.181.78192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:32.243421078 CET49738443192.168.2.4142.250.181.78
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:32.244362116 CET44349738142.250.181.78192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:32.244427919 CET49738443192.168.2.4142.250.181.78
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:32.245410919 CET49739443192.168.2.4142.250.181.78
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:32.245443106 CET44349739142.250.181.78192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:32.245702982 CET49739443192.168.2.4142.250.181.78
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:32.245731115 CET44349739142.250.181.78192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:32.245980024 CET49739443192.168.2.4142.250.181.78
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:32.248600960 CET49738443192.168.2.4142.250.181.78
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:32.248620033 CET44349738142.250.181.78192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:32.248716116 CET49738443192.168.2.4142.250.181.78
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:32.248867035 CET44349738142.250.181.78192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:32.248939991 CET49738443192.168.2.4142.250.181.78
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:32.249083042 CET49748443192.168.2.4142.250.181.78
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:32.249116898 CET44349748142.250.181.78192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:32.249202013 CET49748443192.168.2.4142.250.181.78
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:32.250539064 CET49748443192.168.2.4142.250.181.78
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:32.250555038 CET44349748142.250.181.78192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:32.293945074 CET4434974335.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:32.294015884 CET49743443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:32.296956062 CET49743443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:32.296976089 CET4434974335.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:32.297202110 CET4434974335.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:32.299758911 CET49743443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:32.299832106 CET49743443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:32.299890041 CET4434974335.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:32.299957037 CET49743443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:34.008331060 CET44349748142.250.181.78192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:34.009150028 CET49748443192.168.2.4142.250.181.78
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:34.077065945 CET804974934.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:34.090075016 CET4975680192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:34.130271912 CET4974980192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:34.162770987 CET4975980192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:34.256488085 CET804975634.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:34.283655882 CET804975934.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:34.284030914 CET4975980192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:34.284351110 CET4975980192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:34.404072046 CET804975934.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:34.706970930 CET4434975234.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:34.706995010 CET4434975234.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:34.707189083 CET49752443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:34.712629080 CET4434975334.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:34.712702036 CET49753443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:34.743993998 CET804975634.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:34.744067907 CET4975680192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:34.769589901 CET49752443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:34.769654989 CET4434975234.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:34.769876957 CET49752443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:34.770154953 CET4434975234.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:34.770265102 CET49760443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:34.770328999 CET49753443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:34.770356894 CET4434976034.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:34.770366907 CET4434975334.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:34.770400047 CET49753443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:34.770513058 CET49752443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:34.770551920 CET49760443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:34.770576000 CET4434975334.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:34.771887064 CET49760443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:34.771923065 CET4434976034.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:34.771955967 CET49753443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:34.844325066 CET4434975435.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:34.844424963 CET49754443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:34.846679926 CET49754443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:34.846709967 CET4434975435.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:34.847265959 CET4434975435.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:34.849306107 CET49754443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:34.849363089 CET49754443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:34.849435091 CET4434975435.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:34.849498987 CET49754443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:34.891702890 CET4434975534.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:34.891779900 CET49755443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:34.895922899 CET49755443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:34.895946980 CET4434975534.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:34.895991087 CET49755443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:34.896133900 CET4434975534.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:34.896182060 CET49755443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:35.019661903 CET4434975834.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:35.022645950 CET49758443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:35.026794910 CET49758443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:35.026827097 CET4434975834.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:35.026870012 CET49758443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:35.027091026 CET4434975834.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:35.027295113 CET49758443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:35.373018980 CET804975934.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:35.418319941 CET4975980192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:35.998558998 CET4434976034.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:35.998693943 CET49760443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:36.002301931 CET49760443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:36.002327919 CET4434976034.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:36.002388000 CET49760443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:36.002541065 CET4434976034.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:36.002655029 CET49760443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:39.456218004 CET4974980192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:39.575997114 CET804974934.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:39.771724939 CET804974934.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:39.782984018 CET49763443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:47.186635971 CET49774443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:47.186724901 CET4434977434.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:47.186908960 CET49774443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:47.187014103 CET49774443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:47.187041998 CET4434977434.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:47.188391924 CET4974980192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:47.190949917 CET49775443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:47.191035032 CET4434977534.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:47.192914963 CET49776443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:47.193001986 CET4434977634.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:47.194895029 CET49776443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:47.194899082 CET49775443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:47.195034027 CET49775443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:47.195060015 CET4434977534.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:47.196469069 CET49776443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:47.196513891 CET4434977634.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:47.298552036 CET804975934.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:47.308370113 CET804974934.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:47.493046999 CET804975934.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:47.503763914 CET804974934.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:47.506661892 CET4975980192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:47.550631046 CET4974980192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:47.626909018 CET804975934.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:47.821966887 CET804975934.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:47.867110968 CET4975980192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:48.024477005 CET4974980192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:48.144412994 CET804974934.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:48.350233078 CET804974934.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:48.353379011 CET4975980192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:48.399784088 CET4974980192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:48.400883913 CET4434977434.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:48.401108980 CET49774443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:48.404000044 CET49774443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:48.404028893 CET4434977434.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:48.404385090 CET4434977434.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:48.406585932 CET49774443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:48.406672955 CET49774443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:48.406769991 CET4434977434.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:48.406938076 CET49774443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:48.408391953 CET4434977534.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:48.408691883 CET4974980192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:48.409298897 CET49775443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:48.409585953 CET4434977634.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:48.410795927 CET49776443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:48.411711931 CET49775443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:48.411742926 CET4434977534.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:48.412086964 CET4434977534.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:48.415929079 CET49775443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:48.416030884 CET49775443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:48.416106939 CET4434977534.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:48.416280031 CET49776443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:48.416290998 CET4434977634.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:48.416352034 CET49776443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:48.416496992 CET4434977634.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:48.416538954 CET49775443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:48.416661024 CET49776443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:48.419940948 CET49777443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:48.419991016 CET4434977734.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:48.420205116 CET49777443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:48.421533108 CET49777443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:48.421552896 CET4434977734.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:48.473419905 CET804975934.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:48.528623104 CET804974934.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:48.669712067 CET804975934.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:48.716393948 CET4975980192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:48.724905968 CET804974934.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:48.727819920 CET4975980192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:48.769746065 CET4974980192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:48.848165989 CET804975934.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:58.471098900 CET4434978235.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:58.471595049 CET4434978235.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:58.473112106 CET49781443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:58.473124981 CET4434978134.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:58.473218918 CET49781443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:58.473280907 CET4434978134.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:58.473778963 CET49781443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:58.474869967 CET49782443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:58.474956989 CET49782443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:58.475035906 CET4434978235.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:58.475095034 CET49782443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:58.486633062 CET804974934.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:58.494081020 CET44349783151.101.65.91192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:58.494699001 CET49783443192.168.2.4151.101.65.91
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:58.497764111 CET49783443192.168.2.4151.101.65.91
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:58.497766972 CET44349783151.101.65.91192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:58.498086929 CET44349783151.101.65.91192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:58.504635096 CET49783443192.168.2.4151.101.65.91
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:58.504726887 CET49783443192.168.2.4151.101.65.91
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:58.504837036 CET44349783151.101.65.91192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:58.504900932 CET49783443192.168.2.4151.101.65.91
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:58.512409925 CET49785443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:58.512445927 CET4434978535.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:58.512712955 CET49785443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:58.513016939 CET49785443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:58.513025999 CET4434978535.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:58.514924049 CET49786443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:58.514950991 CET4434978635.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:58.515036106 CET49786443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:58.515202045 CET49786443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:58.515212059 CET4434978635.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:58.516983986 CET49787443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:58.517009020 CET4434978735.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:58.517245054 CET49787443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:58.517354012 CET49787443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:58.517366886 CET4434978735.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:58.533044100 CET4434978435.201.103.21192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:58.533128977 CET49784443192.168.2.435.201.103.21
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:58.537689924 CET49784443192.168.2.435.201.103.21
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:58.537719965 CET4434978435.201.103.21192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:58.537769079 CET49784443192.168.2.435.201.103.21
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:58.537986040 CET4434978435.201.103.21192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:58.538391113 CET49784443192.168.2.435.201.103.21
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:58.548907995 CET49788443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:58.548947096 CET4434978834.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:58.549035072 CET49788443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:58.549161911 CET49788443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:58.549175978 CET4434978834.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:58.681942940 CET804974934.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:58.685172081 CET4975980192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:58.728976965 CET4974980192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:58.805021048 CET804975934.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:59.000190973 CET804975934.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:59.067661047 CET4975980192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:59.729613066 CET4434978635.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:59.729784012 CET49786443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:59.732223034 CET49786443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:59.732255936 CET4434978635.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:59.732508898 CET4434978535.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:59.732597113 CET4434978635.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:59.732656002 CET49785443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:59.734585047 CET49785443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:59.734618902 CET4434978535.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:59.734647989 CET4434978735.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:59.734764099 CET49787443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:59.735647917 CET4434978535.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:59.736706018 CET49787443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:59.736717939 CET4434978735.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:59.737360001 CET4434978735.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:51:28.860006094 CET49809443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:51:28.860094070 CET49809443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:51:28.860203981 CET49810443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:51:28.860275030 CET49810443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:51:28.860387087 CET4434980934.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:51:28.860816002 CET4434981034.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:51:28.860943079 CET49809443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:51:28.860960007 CET49810443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:51:28.860979080 CET49809443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:51:28.862673998 CET49810443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:51:28.970218897 CET804974934.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:51:29.166182041 CET804974934.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:51:29.169576883 CET4975980192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:51:29.215818882 CET4974980192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:51:29.290544033 CET804975934.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:51:29.485865116 CET804975934.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:51:29.538842916 CET4975980192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:51:39.167036057 CET4974980192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:51:39.286922932 CET804974934.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:51:39.499140024 CET4975980192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:51:39.621844053 CET804975934.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:51:49.296648026 CET4974980192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:51:49.416611910 CET804974934.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:51:49.628787994 CET4975980192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:51:49.748625994 CET804975934.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:51:59.426256895 CET4974980192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:51:59.546154976 CET804974934.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:51:59.758469105 CET4975980192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:51:59.878304958 CET804975934.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:00.287693024 CET49883443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:00.287770033 CET4434988334.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:00.288151979 CET49883443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:00.289580107 CET49883443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:00.289618015 CET4434988334.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:01.507124901 CET4434988334.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:01.507364035 CET49883443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:01.513967991 CET49883443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:01.514019966 CET4434988334.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:01.514056921 CET49883443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:01.514247894 CET4434988334.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:01.515238047 CET49883443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:01.517724991 CET4974980192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:01.637540102 CET804974934.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:01.833233118 CET804974934.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:01.837634087 CET4975980192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:01.880270958 CET4974980192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:01.957696915 CET804975934.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:02.152962923 CET804975934.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:02.196780920 CET4975980192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:11.834274054 CET4974980192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:11.957263947 CET804974934.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:12.166563034 CET4975980192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:12.288193941 CET804975934.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:21.968044996 CET4974980192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:22.088249922 CET804974934.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:22.300005913 CET4975980192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:22.420083046 CET804975934.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:32.097251892 CET4974980192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:32.217139959 CET804974934.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:32.429378986 CET4975980192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:32.549335003 CET804975934.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:42.227093935 CET4974980192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:42.346800089 CET804974934.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:42.559355021 CET4975980192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:42.679210901 CET804975934.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:52.356439114 CET4974980192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:52.476126909 CET804974934.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:52.688596964 CET4975980192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:52.808367014 CET804975934.107.221.82192.168.2.4
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:33.928884983 CET53619361.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:33.929615974 CET5962853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:34.067118883 CET53596281.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:39.067143917 CET5551353192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:39.205699921 CET53555131.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:39.206923008 CET5570553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:39.345247030 CET53557051.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:39.345983982 CET5556853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:39.484605074 CET53555681.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:39.645709038 CET5271053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:39.783416986 CET53527101.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:44.729177952 CET5197353192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:44.729459047 CET6466953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:44.729716063 CET6143553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:44.868288994 CET53519731.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:44.870165110 CET53646691.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:44.871665001 CET53614351.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:44.966157913 CET5421153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:44.966403961 CET5416153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:44.966588020 CET6517653192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:45.103506088 CET53541611.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:45.104108095 CET5767753192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:45.104284048 CET53542111.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:45.104842901 CET6160253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:45.107362032 CET53651761.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:45.107852936 CET6380653192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:45.242547989 CET53576771.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:45.242649078 CET53616021.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:45.245716095 CET53638061.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:46.292285919 CET5016953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:46.292931080 CET5458553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:46.297400951 CET5859353192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:46.431193113 CET53501691.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:46.432082891 CET5196153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:46.432614088 CET53545851.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:46.433295965 CET5871253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:46.435369968 CET53585931.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:46.436600924 CET5682553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:46.569789886 CET53519611.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:46.570410013 CET53587121.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:46.570485115 CET6242353192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:46.570997953 CET6203153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:46.573539972 CET53568251.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:46.710381985 CET53624231.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:46.711832047 CET53620311.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:57.128024101 CET5491653192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:57.168780088 CET5375153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:57.242733002 CET6288053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:57.250041008 CET5861553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:57.268619061 CET53549161.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:57.269799948 CET5697953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:57.307276011 CET53537511.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:57.380081892 CET53628801.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:57.381076097 CET5290553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:57.387164116 CET53586151.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:57.408302069 CET53569791.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:57.408866882 CET6081353192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:57.518752098 CET53529051.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:57.519459009 CET6283153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:57.547739029 CET53608131.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:57.657722950 CET53628311.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:51:18.511373043 CET5872053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:51:18.648865938 CET53587201.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:51:27.621053934 CET5411453192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:51:27.758763075 CET53541141.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:51:28.851608038 CET5394253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:00.148986101 CET5101653192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:00.286576986 CET53510161.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:00.288070917 CET6108853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:00.425117016 CET53610881.1.1.1192.168.2.4
Timestamp  Source IP  Dest IP  Trans ID  OP Code  Name  Type  Class  DNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:45.104284048 CET1.1.1.1192.168.2.40xdccNo error (0)youtube-ui.l.google.com142.250.181.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:45.104284048 CET1.1.1.1192.168.2.40xdccNo error (0)youtube-ui.l.google.com172.217.19.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:45.104284048 CET1.1.1.1192.168.2.40xdccNo error (0)youtube-ui.l.google.com142.250.181.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:45.104284048 CET1.1.1.1192.168.2.40xdccNo error (0)youtube-ui.l.google.com142.250.181.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:45.104284048 CET1.1.1.1192.168.2.40xdccNo error (0)youtube-ui.l.google.com142.250.181.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:45.104284048 CET1.1.1.1192.168.2.40xdccNo error (0)youtube-ui.l.google.com172.217.19.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:45.104284048 CET1.1.1.1192.168.2.40xdccNo error (0)youtube-ui.l.google.com172.217.19.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:45.107362032 CET1.1.1.1192.168.2.40xcd01No error (0)dyna.wikimedia.org185.15.58.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:45.242547989 CET1.1.1.1192.168.2.40x64efNo error (0)star-mini.c10r.facebook.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:45.242649078 CET1.1.1.1192.168.2.40x6740No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:45.242649078 CET1.1.1.1192.168.2.40x6740No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:45.242649078 CET1.1.1.1192.168.2.40x6740No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:45.242649078 CET1.1.1.1192.168.2.40x6740No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:45.245716095 CET1.1.1.1192.168.2.40x4df5No error (0)dyna.wikimedia.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:46.431193113 CET1.1.1.1192.168.2.40x1764No error (0)www.reddit.comreddit.map.fastly.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:46.431193113 CET1.1.1.1192.168.2.40x1764No error (0)reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:46.431193113 CET1.1.1.1192.168.2.40x1764No error (0)reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:46.431193113 CET1.1.1.1192.168.2.40x1764No error (0)reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:46.431193113 CET1.1.1.1192.168.2.40x1764No error (0)reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:46.432614088 CET1.1.1.1192.168.2.40xfaabNo error (0)twitter.com104.244.42.193A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:46.569789886 CET1.1.1.1192.168.2.40xa3d3No error (0)reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:46.569789886 CET1.1.1.1192.168.2.40xa3d3No error (0)reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:46.569789886 CET1.1.1.1192.168.2.40xa3d3No error (0)reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:46.569789886 CET1.1.1.1192.168.2.40xa3d3No error (0)reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:46.570410013 CET1.1.1.1192.168.2.40x7e72No error (0)twitter.com104.244.42.193A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:57.244431973 CET1.1.1.1192.168.2.40xd3a0No error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:57.244431973 CET1.1.1.1192.168.2.40xd3a0No error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:57.268619061 CET1.1.1.1192.168.2.40x20dbNo error (0)services.addons.mozilla.org151.101.65.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:57.268619061 CET1.1.1.1192.168.2.40x20dbNo error (0)services.addons.mozilla.org151.101.129.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:57.268619061 CET1.1.1.1192.168.2.40x20dbNo error (0)services.addons.mozilla.org151.101.1.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:57.268619061 CET1.1.1.1192.168.2.40x20dbNo error (0)services.addons.mozilla.org151.101.193.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:57.307276011 CET1.1.1.1192.168.2.40x301fNo error (0)normandy.cdn.mozilla.netnormandy-cdn.services.mozilla.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:57.307276011 CET1.1.1.1192.168.2.40x301fNo error (0)normandy-cdn.services.mozilla.com35.201.103.21A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:57.408302069 CET1.1.1.1192.168.2.40x91No error (0)services.addons.mozilla.org151.101.1.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:57.408302069 CET1.1.1.1192.168.2.40x91No error (0)services.addons.mozilla.org151.101.193.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:57.408302069 CET1.1.1.1192.168.2.40x91No error (0)services.addons.mozilla.org151.101.65.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:57.408302069 CET1.1.1.1192.168.2.40x91No error (0)services.addons.mozilla.org151.101.129.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:57.518752098 CET1.1.1.1192.168.2.40xb2b2No error (0)normandy-cdn.services.mozilla.com35.201.103.21A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:57.547739029 CET1.1.1.1192.168.2.40x6025No error (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:57.547739029 CET1.1.1.1192.168.2.40x6025No error (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:57.547739029 CET1.1.1.1192.168.2.40x6025No error (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:57.547739029 CET1.1.1.1192.168.2.40x6025No error (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:51:00.335058928 CET1.1.1.1192.168.2.40x4ba6No error (0)a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.coma17.rackcdn.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:51:00.335058928 CET1.1.1.1192.168.2.40x4ba6No error (0)a17.rackcdn.coma17.rackcdn.com.mdc.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:51:28.989685059 CET1.1.1.1192.168.2.40xd808No error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:51:28.989685059 CET1.1.1.1192.168.2.40xd808No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:00.286576986 CET1.1.1.1192.168.2.40xb9afNo error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:01.658770084 CET1.1.1.1192.168.2.40x936bNo error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:01.658770084 CET1.1.1.1192.168.2.40x936bNo error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:21.663736105 CET1.1.1.1192.168.2.40xc07aNo error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:21.803303003 CET1.1.1.1192.168.2.40x466eNo error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:23.167912006 CET1.1.1.1192.168.2.40x788eNo error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:23.167912006 CET1.1.1.1192.168.2.40x788eNo error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
• detectportal.firefox.com

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49740 | 34.107.221.82 | 80 | 7852 | C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp | Bytes transferred | Direction | Data
Dec 16, 2024 13:50:30.649626970 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 16, 2024 13:50:31.750284910 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Sun, 15 Dec 2024 21:29:38 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 55253
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49747 | 34.107.221.82 | 80 | 7852 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Dec 16, 2024 13:50:32.323376894 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 16, 2024 13:50:33.409938097 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sun, 15 Dec 2024 20:27:01 GMT
Age: 59012
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49749 | 34.107.221.82 | 80 | 7852 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Dec 16, 2024 13:50:32.592605114 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 16, 2024 13:50:33.687156916 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 21:29:38 GMT
Age: 55255
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 13:50:33.758898973 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 16, 2024 13:50:34.077065945 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 21:29:38 GMT
Age: 55255
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:39.456218004 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
Dec 16, 2024 13:50:39.771724939 CET 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Sun, 15 Dec 2024 21:29:38 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 55261
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 13:50:45.155026913 CET 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
Dec 16, 2024 13:50:45.470490932 CET 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Sun, 15 Dec 2024 21:29:38 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 55267
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 13:50:47.188391924 CET 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
Dec 16, 2024 13:50:47.503763914 CET 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Sun, 15 Dec 2024 21:29:38 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 55269
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 13:50:48.024477005 CET 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
Dec 16, 2024 13:50:48.350233078 CET 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Sun, 15 Dec 2024 21:29:38 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 55270
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 13:50:48.408691883 CET 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
Dec 16, 2024 13:50:48.724905968 CET 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Sun, 15 Dec 2024 21:29:38 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 55270
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 13:50:49.647663116 CET  303  OUT  GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
Dec 16, 2024 13:50:49.963036060 CET  298  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Sun, 15 Dec 2024 21:29:38 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 55271
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 13:50:50.896348000 CET  303  OUT  GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
Dec 16, 2024 13:50:51.324817896 CET  298  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Sun, 15 Dec 2024 21:29:38 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 55273
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 13:50:58.366818905 CET  303  OUT  GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
Dec 16, 2024 13:50:58.681942940 CET  298  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Sun, 15 Dec 2024 21:29:38 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 55280
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 13:50:59.745435953 CET  303  OUT  GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
Dec 16, 2024 13:51:00.158313990 CET  298  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Sun, 15 Dec 2024 21:29:38 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 55282
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 13:51:10.165574074 CET  6  OUT  Data Raw: 00
                                                                                                                                                                                                                                                                                                                                                    Data Ascii:
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:51:19.732425928 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:51:20.047885895 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Sun, 15 Dec 2024 21:29:38 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 55301
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 13:51:28.850367069 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 16, 2024 13:51:29.166182041 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 21:29:38 GMT
Age: 55311
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 13:51:39.167036057 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 16, 2024 13:51:49.296648026 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 16, 2024 13:51:59.426256895 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 16, 2024 13:52:01.517724991 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 16, 2024 13:52:01.833233118 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 21:29:38 GMT
Age: 55343
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 13:52:11.834274054 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 16, 2024 13:52:21.968044996 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 16, 2024 13:52:32.097251892 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 16, 2024 13:52:42.227093935 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 16, 2024 13:52:52.356439114 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 16, 2024 13:53:02.486263037 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 16, 2024 13:53:23.029777050 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 16, 2024 13:53:23.345194101 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 21:29:38 GMT
Age: 55425
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49756 | 34.107.221.82 | 80 | 7852 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Dec 16, 2024 13:50:33.835930109 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49759 | 34.107.221.82 | 80 | 7852 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Dec 16, 2024 13:50:34.284351110 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 16, 2024 13:50:35.373018980 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sun, 15 Dec 2024 20:27:01 GMT
Age: 59014
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 16, 2024 13:50:44.968543053 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 16, 2024 13:50:45.284054995 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sun, 15 Dec 2024 20:27:01 GMT
Age: 59024
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 16, 2024 13:50:47.177731037 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 16, 2024 13:50:47.493046999 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sun, 15 Dec 2024 20:27:01 GMT
Age: 59026
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 16, 2024 13:50:47.506661892 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:47.821966887 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Sun, 15 Dec 2024 20:27:01 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 59026
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:48.353379011 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:48.669712067 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Sun, 15 Dec 2024 20:27:01 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 59027
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:48.727819920 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:49.043418884 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Sun, 15 Dec 2024 20:27:01 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 59027
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:49.965780020 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:50.281675100 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Sun, 15 Dec 2024 20:27:01 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 59029
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:51.327855110 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:51.643510103 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Sun, 15 Dec 2024 20:27:01 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 59030
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:58.685172081 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:50:59.000190973 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Sun, 15 Dec 2024 20:27:01 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 59037
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:51:00.161443949 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:51:00.476933002 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Sun, 15 Dec 2024 20:27:01 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 59039
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:51:10.482081890 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                    Data Ascii:
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:51:20.050512075 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:51:20.365756035 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Sun, 15 Dec 2024 20:27:01 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 59059
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:51:29.169576883 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:51:29.485865116 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Sun, 15 Dec 2024 20:27:01 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 59068
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:51:39.499140024 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                    Data Ascii:
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:51:49.628787994 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                    Data Ascii:
Dec 16, 2024 13:51:59.758469105 CET | 6 | OUT | Data Raw: 00
                                                                                                                                                                                                                                                                                                                                                    Data Ascii:
Dec 16, 2024 13:52:01.837634087 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
Dec 16, 2024 13:52:02.152962923 CET | 216 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Sun, 15 Dec 2024 20:27:01 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 59100
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: success
Dec 16, 2024 13:52:12.166563034 CET | 6 | OUT | Data Raw: 00
                                                                                                                                                                                                                                                                                                                                                    Data Ascii:
Dec 16, 2024 13:52:22.300005913 CET | 6 | OUT | Data Raw: 00
                                                                                                                                                                                                                                                                                                                                                    Data Ascii:
Dec 16, 2024 13:52:32.429378986 CET | 6 | OUT | Data Raw: 00
                                                                                                                                                                                                                                                                                                                                                    Data Ascii:
Dec 16, 2024 13:52:42.559355021 CET | 6 | OUT | Data Raw: 00
                                                                                                                                                                                                                                                                                                                                                    Data Ascii:
Dec 16, 2024 13:52:52.688596964 CET | 6 | OUT | Data Raw: 00
                                                                                                                                                                                                                                                                                                                                                    Data Ascii:
Dec 16, 2024 13:53:02.818470001 CET | 6 | OUT | Data Raw: 00
                                                                                                                                                                                                                                                                                                                                                    Data Ascii:
Dec 16, 2024 13:53:23.348865986 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
Dec 16, 2024 13:53:23.663933992 CET | 216 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Sun, 15 Dec 2024 20:27:01 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 59182
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: success



                                                                                                                                                                                                                                                                                                                                                    Target ID:0
                                                                                                                                                                                                                                                                                                                                                    Start time:07:50:20
                                                                                                                                                                                                                                                                                                                                                    Start date:16/12/2024
                                                                                                                                                                                                                                                                                                                                                    Path:C:\Users\user\Desktop\LbgqLv7gT7.exe
                                                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                    Commandline:"C:\Users\user\Desktop\LbgqLv7gT7.exe"
                                                                                                                                                                                                                                                                                                                                                    Imagebase:0x80000
                                                                                                                                                                                                                                                                                                                                                    File size:970'752 bytes
                                                                                                                                                                                                                                                                                                                                                    MD5 hash:8A87CB3C119B985E2E61A8CF06CD0818
                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                                                                                    Target ID:1
                                                                                                                                                                                                                                                                                                                                                    Start time:07:50:21
                                                                                                                                                                                                                                                                                                                                                    Start date:16/12/2024
                                                                                                                                                                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                    Commandline:taskkill /F /IM firefox.exe /T
                                                                                                                                                                                                                                                                                                                                                    Imagebase:0x820000
                                                                                                                                                                                                                                                                                                                                                    File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                    MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                                                                                                                    Has exited:true

Target ID:2
Start time:07:50:21
Start date:16/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:3
Start time:07:50:23
Start date:16/12/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM chrome.exe /T
Imagebase:0x820000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:4
Start time:07:50:23
Start date:16/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:5
Start time:07:50:23
Start date:16/12/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM msedge.exe /T
Imagebase:0x820000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:6
Start time:07:50:23
Start date:16/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:7
Start time:07:50:23
Start date:16/12/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM opera.exe /T
Imagebase:0x820000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:8
Start time:07:50:23
Start date:16/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):true
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0xc30000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:9
Start time:07:50:23
Start date:16/12/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM brave.exe /T
Imagebase:0x820000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:10
Start time:07:50:23
Start date:16/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:11
Start time:07:50:24
Start date:16/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Imagebase:0x7ff6bf500000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:12
Start time:07:50:24
Start date:16/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Imagebase:0x7ff6bf500000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:13
Start time:07:50:24
Start date:16/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Imagebase:0x7ff6bf500000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:15
Start time:07:50:25
Start date:16/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2280 -parentBuildID 20230927232528 -prefsHandle 2224 -prefMapHandle 2192 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {74185290-4fc5-4d55-9d98-e682e25cf34a} 7852 "\\.\pipe\gecko-crash-server-pipe.7852" 1a34156f110 socket
Imagebase:0x7ff6bf500000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:16
Start time:07:50:27
Start date:16/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4308 -parentBuildID 20230927232528 -prefsHandle 4300 -prefMapHandle 3764 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a30efe01-9b8b-4e34-b5f5-97a640320bd0} 7852 "\\.\pipe\gecko-crash-server-pipe.7852" 1a353839b10 rdd
Imagebase:0x7ff6bf500000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:17
Start time:07:50:32
Start date:16/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5196 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 3040 -prefMapHandle 5296 -prefsLen 33185 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f302752-23bb-4329-89a4-e95a38980bcb} 7852 "\\.\pipe\gecko-crash-server-pipe.7852" 1a352bfa110 utility
Imagebase:0x7ff6bf500000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Execution Graph

Execution Coverage:2.6%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:4.2%
Total number of Nodes:1733
Total number of Limit Nodes:58
94680->94667 94681->94666 94682->94677 94683->94676 94685 8aed9 __fread_nolock 94684->94685 94686 8aedc 94684->94686 94685->94670 94687 9fddb 22 API calls 94686->94687 94688 8aee7 94687->94688 94689 9fe0b 22 API calls 94688->94689 94689->94685 94690->94612 94691->94615 94692->94614 94693->94618 94694->94625 94695->94629 94696->94631 94697->94635 94699 d2a00 94714 8d7b0 ISource 94699->94714 94700 8db11 PeekMessageW 94700->94714 94701 8d807 GetInputState 94701->94700 94701->94714 94703 d1cbe TranslateAcceleratorW 94703->94714 94704 8da04 timeGetTime 94704->94714 94705 8db8f PeekMessageW 94705->94714 94706 8db73 TranslateMessage DispatchMessageW 94706->94705 94707 8dbaf Sleep 94707->94714 94708 d2b74 Sleep 94721 d2a51 94708->94721 94711 d1dda timeGetTime 94882 9e300 23 API calls 94711->94882 94714->94700 94714->94701 94714->94703 94714->94704 94714->94705 94714->94706 94714->94707 94714->94708 94714->94711 94716 8d9d5 94714->94716 94714->94721 94731 8dd50 94714->94731 94738 8dfd0 94714->94738 94761 8bf40 94714->94761 94819 9edf6 94714->94819 94824 91310 94714->94824 94881 9e551 timeGetTime 94714->94881 94883 f3a2a 23 API calls 94714->94883 94884 8ec40 94714->94884 94908 f359c 82 API calls __wsopen_s 94714->94908 94715 d2c0b GetExitCodeProcess 94718 d2c37 CloseHandle 94715->94718 94719 d2c21 WaitForSingleObject 94715->94719 94718->94721 94719->94714 94719->94718 94720 1129bf GetForegroundWindow 94720->94721 94721->94714 94721->94715 94721->94716 94721->94720 94722 d2ca9 Sleep 94721->94722 94909 105658 23 API calls 94721->94909 94910 ee97b QueryPerformanceCounter QueryPerformanceFrequency Sleep QueryPerformanceCounter Sleep 94721->94910 94911 9e551 timeGetTime 94721->94911 94912 ed4dc CreateToolhelp32Snapshot Process32FirstW 94721->94912 94722->94714 94732 8dd6f 94731->94732 94733 8dd83 94731->94733 94922 8d260 94732->94922 94954 f359c 82 API calls __wsopen_s 94733->94954 94736 8dd7a 94736->94714 94737 d2f75 94737->94737 94739 8e010 94738->94739 94755 8e0dc ISource 
94739->94755 94967 a0242 5 API calls __Init_thread_wait 94739->94967 94742 d2fca 94744 8a961 22 API calls 94742->94744 94742->94755 94743 8a961 22 API calls 94743->94755 94746 d2fe4 94744->94746 94968 a00a3 29 API calls __onexit 94746->94968 94749 d2fee 94969 a01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 94749->94969 94752 8ec40 348 API calls 94752->94755 94755->94743 94755->94752 94756 f359c 82 API calls 94755->94756 94757 8e3e1 94755->94757 94758 904f0 22 API calls 94755->94758 94964 8a8c7 22 API calls __fread_nolock 94755->94964 94965 8a81b 41 API calls 94755->94965 94966 9a308 348 API calls 94755->94966 94970 a0242 5 API calls __Init_thread_wait 94755->94970 94971 a00a3 29 API calls __onexit 94755->94971 94972 a01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 94755->94972 94973 1047d4 348 API calls 94755->94973 94974 1068c1 348 API calls 94755->94974 94756->94755 94757->94714 94758->94755 94975 8adf0 94761->94975 94763 8bf9d 94764 8bfa9 94763->94764 94765 d04b6 94763->94765 94767 d04c6 94764->94767 94768 8c01e 94764->94768 95007 f359c 82 API calls __wsopen_s 94765->95007 95008 f359c 82 API calls __wsopen_s 94767->95008 94980 8ac91 94768->94980 94771 8c603 94771->94714 94773 e7120 22 API calls 94802 8c039 ISource __fread_nolock 94773->94802 94774 8c7da 94777 9fe0b 22 API calls 94774->94777 94786 8c808 __fread_nolock 94777->94786 94779 d04f5 94782 d055a 94779->94782 95009 9d217 348 API calls 94779->95009 94782->94771 95010 f359c 82 API calls __wsopen_s 94782->95010 94783 8ec40 348 API calls 94783->94802 94784 9fe0b 22 API calls 94790 8c350 ISource __fread_nolock 94784->94790 94785 8af8a 22 API calls 94785->94802 94786->94784 94787 d091a 95019 f3209 23 API calls 94787->95019 94803 8c3ac 94790->94803 95002 9ce17 94790->95002 94791 d08a5 94792 8ec40 348 API calls 94791->94792 94793 d08cf 94792->94793 94793->94771 95017 8a81b 41 API calls 94793->95017 94795 d0591 95011 f359c 82 API calls __wsopen_s 94795->95011 94796 d08f6 
95018 f359c 82 API calls __wsopen_s 94796->95018 94800 8c237 94807 8c253 94800->94807 95020 8a8c7 22 API calls __fread_nolock 94800->95020 94802->94771 94802->94773 94802->94774 94802->94779 94802->94782 94802->94783 94802->94785 94802->94786 94802->94787 94802->94791 94802->94795 94802->94796 94802->94800 94804 8aceb 23 API calls 94802->94804 94810 9fddb 22 API calls 94802->94810 94814 d09bf 94802->94814 94816 8bbe0 40 API calls 94802->94816 94818 9fe0b 22 API calls 94802->94818 94984 8ad81 94802->94984 95012 e7099 22 API calls __fread_nolock 94802->95012 95013 105745 54 API calls _wcslen 94802->95013 95014 9aa42 22 API calls ISource 94802->95014 95015 ef05c 40 API calls 94802->95015 95016 8a993 41 API calls 94802->95016 94803->94714 94804->94802 94806 d0976 94809 8aceb 23 API calls 94806->94809 94807->94806 94811 8c297 ISource 94807->94811 94809->94814 94810->94802 94811->94814 94991 8aceb 94811->94991 94813 8c335 94813->94814 94815 8c342 94813->94815 94814->94771 95021 f359c 82 API calls __wsopen_s 94814->95021 95001 8a704 22 API calls ISource 94815->95001 94816->94802 94818->94802 94820 9ee09 94819->94820 94821 9ee12 94819->94821 94820->94714 94821->94820 94822 9ee36 IsDialogMessageW 94821->94822 94823 defaf GetClassLongW 94821->94823 94822->94820 94822->94821 94823->94821 94823->94822 94825 917b0 94824->94825 94826 91376 94824->94826 95072 a0242 5 API calls __Init_thread_wait 94825->95072 94827 91390 94826->94827 94828 d6331 94826->94828 94830 91940 9 API calls 94827->94830 95082 10709c 348 API calls 94828->95082 94833 913a0 94830->94833 94832 917ba 94838 917fb 94832->94838 95073 89cb3 94832->95073 94835 91940 9 API calls 94833->94835 94834 d633d 94834->94714 94837 913b6 94835->94837 94837->94838 94839 913ec 94837->94839 94840 d6346 94838->94840 94841 9182c 94838->94841 94839->94840 94864 91408 __fread_nolock 94839->94864 95083 f359c 82 API calls __wsopen_s 94840->95083 94843 8aceb 23 API calls 94841->94843 94842 917d4 95079 a01f8 EnterCriticalSection 
LeaveCriticalSection SetEvent ResetEvent 94842->95079 94845 91839 94843->94845 95080 9d217 348 API calls 94845->95080 94848 d636e 95084 f359c 82 API calls __wsopen_s 94848->95084 94850 9152f 94851 9153c 94850->94851 94852 d63d1 94850->94852 94853 91940 9 API calls 94851->94853 95086 105745 54 API calls _wcslen 94852->95086 94855 91549 94853->94855 94858 d64fa 94855->94858 94861 91940 9 API calls 94855->94861 94856 9fddb 22 API calls 94856->94864 94857 9fe0b 22 API calls 94857->94864 94868 d6369 94858->94868 95088 f359c 82 API calls __wsopen_s 94858->95088 94859 91872 95081 9faeb 23 API calls 94859->95081 94866 91563 94861->94866 94863 8ec40 348 API calls 94863->94864 94864->94845 94864->94848 94864->94850 94864->94856 94864->94857 94864->94863 94865 d63b2 94864->94865 94864->94868 95085 f359c 82 API calls __wsopen_s 94865->95085 94866->94858 94871 915c7 ISource 94866->94871 95087 8a8c7 22 API calls __fread_nolock 94866->95087 94868->94714 94870 91940 9 API calls 94870->94871 94871->94858 94871->94859 94871->94868 94871->94870 94873 9167b ISource 94871->94873 95044 f5c5a 94871->95044 95049 10a2ea 94871->95049 95054 10ab67 94871->95054 95057 9f645 94871->95057 95064 111591 94871->95064 95067 10abf7 94871->95067 94872 9171d 94872->94714 94873->94872 94874 9ce17 22 API calls 94873->94874 94874->94873 94881->94714 94882->94714 94883->94714 94902 8ec76 ISource 94884->94902 94885 a0242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 94885->94902 94886 9fddb 22 API calls 94886->94902 94888 8fef7 94900 8ed9d ISource 94888->94900 95323 8a8c7 22 API calls __fread_nolock 94888->95323 94890 8a8c7 22 API calls 94890->94902 94891 d4600 94891->94900 95322 8a8c7 22 API calls __fread_nolock 94891->95322 94892 d4b0b 95325 f359c 82 API calls __wsopen_s 94892->95325 94898 8fbe3 94898->94900 94901 d4bdc 94898->94901 94907 8f3ae ISource 94898->94907 94899 8a961 22 API calls 94899->94902 94900->94714 95326 f359c 82 API calls 
__wsopen_s 94901->95326 94902->94885 94902->94886 94902->94888 94902->94890 94902->94891 94902->94892 94902->94898 94902->94899 94902->94900 94903 a00a3 29 API calls pre_c_initialization 94902->94903 94905 d4beb 94902->94905 94906 a01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 94902->94906 94902->94907 95260 901e0 94902->95260 95321 906a0 41 API calls ISource 94902->95321 94903->94902 95327 f359c 82 API calls __wsopen_s 94905->95327 94906->94902 94907->94900 95324 f359c 82 API calls __wsopen_s 94907->95324 94908->94714 94909->94721 94910->94721 94911->94721 95358 edef7 94912->95358 94914 ed5db CloseHandle 94914->94721 94915 ed529 Process32NextW 94915->94914 94921 ed522 94915->94921 94916 8a961 22 API calls 94916->94921 94917 89cb3 22 API calls 94917->94921 94921->94914 94921->94915 94921->94916 94921->94917 95364 8525f 22 API calls 94921->95364 95365 86350 22 API calls 94921->95365 95366 9ce60 41 API calls 94921->95366 94923 8ec40 348 API calls 94922->94923 94942 8d29d 94923->94942 94924 d1bc4 94963 f359c 82 API calls __wsopen_s 94924->94963 94926 8d30b ISource 94926->94736 94927 8d6d5 94927->94926 94936 9fe0b 22 API calls 94927->94936 94928 8d3c3 94928->94927 94930 8d3ce 94928->94930 94929 8d5ff 94932 d1bb5 94929->94932 94933 8d614 94929->94933 94931 9fddb 22 API calls 94930->94931 94940 8d3d5 __fread_nolock 94931->94940 94962 105705 23 API calls 94932->94962 94938 9fddb 22 API calls 94933->94938 94934 8d4b8 94939 9fe0b 22 API calls 94934->94939 94935 9fddb 22 API calls 94935->94942 94936->94940 94945 8d46a 94938->94945 94949 8d429 ISource __fread_nolock 94939->94949 94941 8d3f6 94940->94941 94943 9fddb 22 API calls 94940->94943 94941->94949 94955 8bec0 348 API calls 94941->94955 94942->94924 94942->94926 94942->94927 94942->94928 94942->94934 94942->94935 94942->94949 94943->94941 94945->94736 94946 d1ba4 94961 f359c 82 API calls __wsopen_s 94946->94961 94949->94929 94949->94945 94949->94946 94950 d1b7f 94949->94950 94952 
d1b5d 94949->94952 94956 81f6f 94949->94956 94960 f359c 82 API calls __wsopen_s 94950->94960 94959 f359c 82 API calls __wsopen_s 94952->94959 94954->94737 94955->94949 94957 8ec40 348 API calls 94956->94957 94958 81f98 94957->94958 94958->94949 94959->94945 94960->94945 94961->94945 94962->94924 94963->94926 94964->94755 94965->94755 94966->94755 94967->94742 94968->94749 94969->94755 94970->94755 94971->94755 94972->94755 94973->94755 94974->94755 94976 8ae01 94975->94976 94979 8ae1c ISource 94975->94979 94977 8aec9 22 API calls 94976->94977 94978 8ae09 CharUpperBuffW 94977->94978 94978->94979 94979->94763 94981 8acae 94980->94981 94982 8acd1 94981->94982 95022 f359c 82 API calls __wsopen_s 94981->95022 94982->94802 94985 cfadb 94984->94985 94986 8ad92 94984->94986 94987 9fddb 22 API calls 94986->94987 94988 8ad99 94987->94988 95023 8adcd 94988->95023 94992 8acf9 94991->94992 95000 8ad2a ISource 94991->95000 94993 8ad55 94992->94993 94994 8ad01 ISource 94992->94994 94993->95000 95031 8a8c7 22 API calls __fread_nolock 94993->95031 94996 cfa48 94994->94996 94997 8ad21 94994->94997 94994->95000 94999 9ce17 22 API calls 94996->94999 94996->95000 94998 cfa3a VariantClear 94997->94998 94997->95000 94998->95000 94999->95000 95000->94813 95001->94790 95003 9ce1f 95002->95003 95004 9ce43 95003->95004 95032 8b010 95003->95032 95004->94790 95006 9ce2a ISource 95006->94790 95007->94767 95008->94771 95009->94782 95010->94771 95011->94771 95012->94802 95013->94802 95014->94802 95015->94802 95016->94802 95017->94796 95018->94771 95019->94800 95020->94807 95021->94771 95022->94982 95027 8addd 95023->95027 95024 8adb6 95024->94802 95025 9fddb 22 API calls 95025->95027 95026 8a961 22 API calls 95026->95027 95027->95024 95027->95025 95027->95026 95029 8adcd 22 API calls 95027->95029 95030 8a8c7 22 API calls __fread_nolock 95027->95030 95029->95027 95030->95027 95031->95000 95033 8b01b 95032->95033 95034 cfb4d 95033->95034 95039 8b023 ISource 95033->95039 95035 9fddb 22 API calls 
95034->95035 95037 cfb59 95035->95037 95036 8b02a 95036->95006 95039->95036 95040 8b090 95039->95040 95041 8b09b ISource 95040->95041 95042 9ce17 22 API calls 95041->95042 95043 8b0d6 ISource 95041->95043 95042->95043 95043->95039 95089 87510 95044->95089 95048 f5c77 95048->94871 95050 87510 53 API calls 95049->95050 95051 10a306 95050->95051 95052 ed4dc 47 API calls 95051->95052 95053 10a315 95052->95053 95053->94871 95121 10aff9 95054->95121 95058 8b567 39 API calls 95057->95058 95059 9f659 95058->95059 95060 df2dc Sleep 95059->95060 95061 9f661 timeGetTime 95059->95061 95062 8b567 39 API calls 95061->95062 95063 9f677 95062->95063 95063->94871 95249 112ad8 95064->95249 95066 11159f 95066->94871 95068 10aff9 217 API calls 95067->95068 95070 10ac0c 95068->95070 95069 10ac54 95069->94871 95070->95069 95071 8aceb 23 API calls 95070->95071 95071->95069 95072->94832 95074 89cc2 _wcslen 95073->95074 95075 9fe0b 22 API calls 95074->95075 95076 89cea __fread_nolock 95075->95076 95077 9fddb 22 API calls 95076->95077 95078 89d00 95077->95078 95078->94842 95079->94838 95080->94859 95081->94859 95082->94834 95083->94868 95084->94868 95085->94868 95086->94866 95087->94871 95088->94868 95090 87522 95089->95090 95091 87525 95089->95091 95112 edbbe lstrlenW 95090->95112 95092 8755b 95091->95092 95093 8752d 95091->95093 95094 c50f6 95092->95094 95096 8756d 95092->95096 95103 c500f 95092->95103 95117 a51c6 26 API calls 95093->95117 95120 a5183 26 API calls 95094->95120 95118 9fb21 51 API calls 95096->95118 95097 8753d 95102 9fddb 22 API calls 95097->95102 95100 c510e 95100->95100 95104 87547 95102->95104 95106 9fe0b 22 API calls 95103->95106 95111 c5088 95103->95111 95105 89cb3 22 API calls 95104->95105 95105->95090 95108 c5058 95106->95108 95107 9fddb 22 API calls 95109 c507f 95107->95109 95108->95107 95110 89cb3 22 API calls 95109->95110 95110->95111 95119 9fb21 51 API calls 95111->95119 95113 edbdc GetFileAttributesW 95112->95113 95114 edc06 95112->95114 95113->95114 95115 
edbe8 FindFirstFileW 95113->95115 95114->95048 95115->95114 95116 edbf9 FindClose 95115->95116 95116->95114 95117->95097 95118->95097 95119->95094 95120->95100 95122 10b01d ___scrt_fastfail 95121->95122 95123 10b094 95122->95123 95124 10b058 95122->95124 95126 8b567 39 API calls 95123->95126 95131 10b08b 95123->95131 95219 8b567 95124->95219 95130 10b0a5 95126->95130 95127 10b063 95127->95131 95135 8b567 39 API calls 95127->95135 95128 10b0ed 95129 87510 53 API calls 95128->95129 95133 10b10b 95129->95133 95134 8b567 39 API calls 95130->95134 95131->95128 95132 8b567 39 API calls 95131->95132 95132->95128 95212 87620 95133->95212 95134->95131 95137 10b078 95135->95137 95138 8b567 39 API calls 95137->95138 95138->95131 95139 10b115 95140 10b1d8 95139->95140 95141 10b11f 95139->95141 95142 10b20a GetCurrentDirectoryW 95140->95142 95144 87510 53 API calls 95140->95144 95143 87510 53 API calls 95141->95143 95145 9fe0b 22 API calls 95142->95145 95146 10b130 95143->95146 95147 10b1ef 95144->95147 95148 10b22f GetCurrentDirectoryW 95145->95148 95149 87620 22 API calls 95146->95149 95150 87620 22 API calls 95147->95150 95151 10b23c 95148->95151 95152 10b13a 95149->95152 95153 10b1f9 _wcslen 95150->95153 95155 10b275 95151->95155 95224 89c6e 22 API calls 95151->95224 95154 87510 53 API calls 95152->95154 95153->95142 95153->95155 95156 10b14b 95154->95156 95163 10b287 95155->95163 95164 10b28b 95155->95164 95158 87620 22 API calls 95156->95158 95160 10b155 95158->95160 95159 10b255 95225 89c6e 22 API calls 95159->95225 95162 87510 53 API calls 95160->95162 95166 10b166 95162->95166 95168 10b2f8 95163->95168 95169 10b39a CreateProcessW 95163->95169 95227 f07c0 10 API calls 95164->95227 95165 10b265 95226 89c6e 22 API calls 95165->95226 95171 87620 22 API calls 95166->95171 95230 e11c8 39 API calls 95168->95230 95211 10b32f _wcslen 95169->95211 95174 10b170 95171->95174 95172 10b294 95228 f06e6 10 API calls 95172->95228 95177 10b1a6 GetSystemDirectoryW 95174->95177 95181 
87510 53 API calls 95174->95181 95176 10b2fd 95179 10b323 95176->95179 95180 10b32a 95176->95180 95183 9fe0b 22 API calls 95177->95183 95178 10b2aa 95229 f05a7 8 API calls 95178->95229 95231 e1201 128 API calls 2 library calls 95179->95231 95232 e14ce 6 API calls 95180->95232 95185 10b187 95181->95185 95188 10b1cb GetSystemDirectoryW 95183->95188 95190 87620 22 API calls 95185->95190 95187 10b2d0 95187->95163 95188->95151 95189 10b328 95189->95211 95193 10b191 _wcslen 95190->95193 95191 10b3d6 GetLastError 95203 10b41a 95191->95203 95192 10b42f CloseHandle 95194 10b43f 95192->95194 95204 10b49a 95192->95204 95193->95151 95193->95177 95196 10b451 95194->95196 95197 10b446 CloseHandle 95194->95197 95199 10b463 95196->95199 95200 10b458 CloseHandle 95196->95200 95197->95196 95198 10b4a6 95198->95203 95201 10b475 95199->95201 95202 10b46a CloseHandle 95199->95202 95200->95199 95233 f09d9 34 API calls 95201->95233 95202->95201 95216 f0175 95203->95216 95204->95198 95209 10b4d2 CloseHandle 95204->95209 95208 10b486 95234 10b536 25 API calls 95208->95234 95209->95203 95211->95191 95211->95192 95213 8762a _wcslen 95212->95213 95214 9fe0b 22 API calls 95213->95214 95215 8763f 95214->95215 95215->95139 95235 f030f 95216->95235 95220 8b578 95219->95220 95221 8b57f 95219->95221 95220->95221 95248 a62d1 39 API calls 95220->95248 95221->95127 95223 8b5c2 95223->95127 95224->95159 95225->95165 95226->95155 95227->95172 95228->95178 95229->95187 95230->95176 95231->95189 95232->95211 95233->95208 95234->95204 95236 f0329 95235->95236 95237 f0321 CloseHandle 95235->95237 95238 f032e CloseHandle 95236->95238 95239 f0336 95236->95239 95237->95236 95238->95239 95240 f033b CloseHandle 95239->95240 95241 f0343 95239->95241 95240->95241 95242 f0348 CloseHandle 95241->95242 95243 f0350 95241->95243 95242->95243 95244 f035d 95243->95244 95245 f0355 CloseHandle 95243->95245 95246 f017d 95244->95246 95247 f0362 CloseHandle 95244->95247 95245->95244 95246->94871 95247->95246 95248->95223 
95250 8aceb 23 API calls 95249->95250 95251 112af3 95250->95251 95252 112b1d 95251->95252 95253 112aff 95251->95253 95255 86b57 22 API calls 95252->95255 95254 87510 53 API calls 95253->95254 95256 112b0c 95254->95256 95257 112b1b 95255->95257 95256->95257 95259 8a8c7 22 API calls __fread_nolock 95256->95259 95257->95066 95259->95257 95261 90206 95260->95261 95275 9027e 95260->95275 95262 d5411 95261->95262 95263 90213 95261->95263 95346 107b7e 348 API calls 2 library calls 95262->95346 95270 d5435 95263->95270 95273 9021d 95263->95273 95264 d5405 95345 f359c 82 API calls __wsopen_s 95264->95345 95266 d5466 95271 d5471 95266->95271 95272 d5493 95266->95272 95267 8ec40 348 API calls 95267->95275 95270->95266 95274 d544d 95270->95274 95348 107b7e 348 API calls 2 library calls 95271->95348 95328 105689 95272->95328 95315 90230 ISource 95273->95315 95351 8a8c7 22 API calls __fread_nolock 95273->95351 95347 f359c 82 API calls __wsopen_s 95274->95347 95275->95267 95279 90405 95275->95279 95281 d51b9 95275->95281 95296 903f9 95275->95296 95301 90344 95275->95301 95304 d51ce ISource 95275->95304 95311 903b2 ISource 95275->95311 95279->94902 95341 f359c 82 API calls __wsopen_s 95281->95341 95282 d568a 95289 d56c0 95282->95289 95353 107771 67 API calls 95282->95353 95285 d5332 95285->95315 95344 8a8c7 22 API calls __fread_nolock 95285->95344 95288 d5532 95349 f1119 22 API calls 95288->95349 95293 8aceb 23 API calls 95289->95293 95290 d5668 95294 87510 53 API calls 95290->95294 95317 90273 ISource 95293->95317 95308 d5670 _wcslen 95294->95308 95295 d569e 95298 87510 53 API calls 95295->95298 95296->95279 95340 f359c 82 API calls __wsopen_s 95296->95340 95297 d54b9 95335 f0acc 95297->95335 95314 d56a6 _wcslen 95298->95314 95301->95296 95339 904f0 22 API calls 95301->95339 95303 d5544 95350 8a673 22 API calls 95303->95350 95304->95311 95304->95317 95342 f359c 82 API calls __wsopen_s 95304->95342 95305 903a5 95305->95296 95305->95311 95308->95282 95312 8aceb 23 API calls 
95308->95312 95310 d554d 95318 f0acc 22 API calls 95310->95318 95311->95264 95311->95285 95311->95315 95311->95317 95343 9a308 348 API calls 95311->95343 95312->95282 95313 91310 348 API calls 95313->95315 95314->95289 95316 8aceb 23 API calls 95314->95316 95315->95282 95315->95317 95352 107632 54 API calls __wsopen_s 95315->95352 95316->95289 95317->94902 95319 d5566 95318->95319 95320 8bf40 348 API calls 95319->95320 95320->95315 95321->94902 95322->94900 95323->94900 95324->94900 95325->94900 95326->94905 95327->94900 95329 d549e 95328->95329 95330 1056a4 95328->95330 95329->95288 95329->95297 95331 9fe0b 22 API calls 95330->95331 95333 1056c6 95331->95333 95332 9fddb 22 API calls 95332->95333 95333->95329 95333->95332 95354 f0a59 95333->95354 95336 f0ada 95335->95336 95338 d54e3 95335->95338 95337 9fddb 22 API calls 95336->95337 95336->95338 95337->95338 95338->95313 95339->95305 95340->95317 95341->95304 95342->95311 95343->95311 95344->95315 95345->95262 95346->95315 95347->95317 95348->95315 95349->95303 95350->95310 95351->95315 95352->95290 95353->95295 95355 f0a7a 95354->95355 95356 9fddb 22 API calls 95355->95356 95357 f0a85 95355->95357 95356->95357 95357->95333 95359 edf02 95358->95359 95360 edf19 95359->95360 95363 edf1f 95359->95363 95367 a63b2 GetStringTypeW _strftime 95359->95367 95368 a62fb 39 API calls 95360->95368 95363->94921 95364->94921 95365->94921 95366->94921 95367->95359 95368->95363 96157 8dee5 96160 8b710 96157->96160 96161 8b72b 96160->96161 96162 d00f8 96161->96162 96163 d0146 96161->96163 96186 8b750 96161->96186 96166 d0102 96162->96166 96169 d010f 96162->96169 96162->96186 96202 1058a2 348 API calls 2 library calls 96163->96202 96200 105d33 348 API calls 96166->96200 96187 8ba20 96169->96187 96201 1061d0 348 API calls 2 library calls 96169->96201 96172 d03d9 96172->96172 96174 8bbe0 40 API calls 96174->96186 96177 8ba4e 96178 d0322 96205 105c0c 82 API calls 96178->96205 96182 8aceb 23 API calls 96182->96186 96185 9d336 40 API calls 
96185->96186 96186->96174 96186->96177 96186->96178 96186->96182 96186->96185 96186->96187 96188 8ec40 348 API calls 96186->96188 96191 8a81b 41 API calls 96186->96191 96192 9d2f0 40 API calls 96186->96192 96193 9a01b 348 API calls 96186->96193 96194 a0242 5 API calls __Init_thread_wait 96186->96194 96195 9edcd 22 API calls 96186->96195 96196 a00a3 29 API calls __onexit 96186->96196 96197 a01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96186->96197 96198 9ee53 82 API calls 96186->96198 96199 9e5ca 348 API calls 96186->96199 96203 df6bf 23 API calls 96186->96203 96204 8a8c7 22 API calls __fread_nolock 96186->96204 96187->96177 96206 f359c 82 API calls __wsopen_s 96187->96206 96188->96186 96191->96186 96192->96186 96193->96186 96194->96186 96195->96186 96196->96186 96197->96186 96198->96186 96199->96186 96200->96169 96201->96187 96202->96186 96203->96186 96204->96186 96205->96187 96206->96172 95369 c2402 95372 81410 95369->95372 95373 c24b8 DestroyWindow 95372->95373 95374 8144f mciSendStringW 95372->95374 95387 c24c4 95373->95387 95375 8146b 95374->95375 95376 816c6 95374->95376 95377 81479 95375->95377 95375->95387 95376->95375 95378 816d5 UnregisterHotKey 95376->95378 95405 8182e 95377->95405 95378->95376 95380 c24d8 95380->95387 95411 86246 CloseHandle 95380->95411 95381 c24e2 FindClose 95381->95387 95383 c2509 95386 c251c FreeLibrary 95383->95386 95388 c252d 95383->95388 95385 8148e 95385->95388 95393 8149c 95385->95393 95386->95383 95387->95380 95387->95381 95387->95383 95389 c2541 VirtualFree 95388->95389 95396 81509 95388->95396 95389->95388 95390 814f8 CoUninitialize 95390->95396 95391 c2589 95398 c2598 ISource 95391->95398 95412 f32eb 6 API calls ISource 95391->95412 95392 81514 95395 81524 95392->95395 95393->95390 95409 81944 VirtualFreeEx CloseHandle 95395->95409 95396->95391 95396->95392 95401 c2627 95398->95401 95413 e64d4 22 API calls ISource 95398->95413 95400 8153a 95400->95398 95402 8161f 95400->95402 95401->95401 95402->95401 
95410 81876 CloseHandle InternetCloseHandle InternetCloseHandle WaitForSingleObject 95402->95410 95404 816c1 95406 8183b 95405->95406 95407 81480 95406->95407 95414 e702a 22 API calls 95406->95414 95407->95383 95407->95385 95409->95400 95410->95404 95411->95380 95412->95391 95413->95398 95414->95406 95415 81098 95420 842de 95415->95420 95419 810a7 95421 8a961 22 API calls 95420->95421 95422 842f5 GetVersionExW 95421->95422 95423 86b57 22 API calls 95422->95423 95424 84342 95423->95424 95425 893b2 22 API calls 95424->95425 95433 84378 95424->95433 95426 8436c 95425->95426 95441 837a0 95426->95441 95427 8441b GetCurrentProcess IsWow64Process 95429 84437 95427->95429 95431 8444f LoadLibraryA 95429->95431 95432 c3824 GetSystemInfo 95429->95432 95430 c37df 95434 8449c GetSystemInfo 95431->95434 95435 84460 GetProcAddress 95431->95435 95433->95427 95433->95430 95437 84476 95434->95437 95435->95434 95436 84470 GetNativeSystemInfo 95435->95436 95436->95437 95438 8447a FreeLibrary 95437->95438 95439 8109d 95437->95439 95438->95439 95440 a00a3 29 API calls __onexit 95439->95440 95440->95419 95442 837ae 95441->95442 95443 893b2 22 API calls 95442->95443 95444 837c2 95443->95444 95444->95433 95445 9f698 95446 9f6a2 95445->95446 95450 9f6c3 95445->95450 95454 8af8a 95446->95454 95449 9f6b2 95451 8af8a 22 API calls 95449->95451 95452 df2f8 95450->95452 95462 e4d4a 22 API calls ISource 95450->95462 95453 9f6c2 95451->95453 95455 8af98 95454->95455 95461 8afc0 ISource 95454->95461 95456 8afa6 95455->95456 95457 8af8a 22 API calls 95455->95457 95458 8afac 95456->95458 95459 8af8a 22 API calls 95456->95459 95457->95456 95460 8b090 22 API calls 95458->95460 95458->95461 95459->95458 95460->95461 95461->95449 95462->95450 96207 a03fb 96208 a0407 __FrameHandler3::FrameUnwindToState 96207->96208 96236 9feb1 96208->96236 96210 a040e 96211 a0561 96210->96211 96214 a0438 96210->96214 96266 a083f IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter 
UnhandledExceptionFilter ___scrt_fastfail 96211->96266 96213 a0568 96259 a4e52 96213->96259 96225 a0477 ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 96214->96225 96247 b247d 96214->96247 96221 a0457 96223 a04d8 96255 a0959 96223->96255 96225->96223 96262 a4e1a 38 API calls 3 library calls 96225->96262 96227 a04de 96228 a04f3 96227->96228 96263 a0992 GetModuleHandleW 96228->96263 96230 a04fa 96230->96213 96231 a04fe 96230->96231 96232 a0507 96231->96232 96264 a4df5 28 API calls _abort 96231->96264 96265 a0040 13 API calls 2 library calls 96232->96265 96235 a050f 96235->96221 96237 9feba 96236->96237 96268 a0698 IsProcessorFeaturePresent 96237->96268 96239 9fec6 96269 a2c94 10 API calls 3 library calls 96239->96269 96241 9fecb 96242 9fecf 96241->96242 96270 b2317 96241->96270 96242->96210 96245 9fee6 96245->96210 96248 b2494 96247->96248 96249 a0a8c CatchGuardHandler 5 API calls 96248->96249 96250 a0451 96249->96250 96250->96221 96251 b2421 96250->96251 96254 b2450 96251->96254 96252 a0a8c CatchGuardHandler 5 API calls 96253 b2479 96252->96253 96253->96225 96254->96252 96321 a2340 96255->96321 96257 a096c GetStartupInfoW 96258 a097f 96257->96258 96258->96227 96323 a4bcf 96259->96323 96262->96223 96263->96230 96264->96232 96265->96235 96266->96213 96268->96239 96269->96241 96274 bd1f6 96270->96274 96273 a2cbd 8 API calls 3 library calls 96273->96242 96277 bd213 96274->96277 96278 bd20f 96274->96278 96276 9fed8 96276->96245 96276->96273 96277->96278 96280 b4bfb 96277->96280 96292 a0a8c 96278->96292 96281 b4c07 __FrameHandler3::FrameUnwindToState 96280->96281 96299 b2f5e EnterCriticalSection 96281->96299 96283 b4c0e 96300 b50af 96283->96300 96285 b4c1d 96286 b4c2c 96285->96286 96313 b4a8f 29 API calls 96285->96313 96315 b4c48 LeaveCriticalSection _abort 96286->96315 96289 b4c27 96314 b4b45 GetStdHandle GetFileType 96289->96314 96290 b4c3d __fread_nolock 96290->96277 96293 a0a97 IsProcessorFeaturePresent 96292->96293 96294 a0a95 96292->96294 96296 

Control-flow Graph

• Executed
• Not Executed
APIs
• GetVersionExW.KERNEL32(?), ref: 0008430D
  • Part of subcall function 00086B57: _wcslen.LIBCMT ref: 00086B6A
• GetCurrentProcess.KERNEL32(?,0011CB64,00000000,?,?), ref: 00084422
• IsWow64Process.KERNEL32(00000000,?,?), ref: 00084429
• LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00084454
• GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00084466
• GetNativeSystemInfo.KERNEL32(?,?,?), ref: 00084474
• FreeLibrary.KERNEL32(00000000,?,?), ref: 0008447B
• GetSystemInfo.KERNEL32(?,?,?), ref: 000844A0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
Similarity
• API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
• String ID: GetNativeSystemInfo$kernel32.dll$|O
• API String ID: 3290436268-3101561225

Control-flow Graph

• Executed
• Not Executed
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,000850AA,?,?,00000000,00000000), ref: 000842B2
                                                                                                                                                                                                                                                                                                                                                      • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,000850AA,?,?,00000000,00000000), ref: 000842C9
                                                                                                                                                                                                                                                                                                                                                      • LoadResource.KERNEL32(?,00000000,?,?,000850AA,?,?,00000000,00000000,?,?,?,?,?,?,00084F20), ref: 000C35BE
                                                                                                                                                                                                                                                                                                                                                      • SizeofResource.KERNEL32(?,00000000,?,?,000850AA,?,?,00000000,00000000,?,?,?,?,?,?,00084F20), ref: 000C35D3
                                                                                                                                                                                                                                                                                                                                                      • LockResource.KERNEL32(000850AA,?,?,000850AA,?,?,00000000,00000000,?,?,?,?,?,?,00084F20,?), ref: 000C35E6
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                                                                                                                                                                                                                                                                                      • String ID: SCRIPT
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3051347437-3967369404


                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 00082B6B
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00083A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00151418,?,00082E7F,?,?,?,00000000), ref: 00083A78
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00089CB3: _wcslen.LIBCMT ref: 00089CBD
                                                                                                                                                                                                                                                                                                                                                      • GetForegroundWindow.USER32(runas,?,?,?,?,?,00142224), ref: 000C2C10
                                                                                                                                                                                                                                                                                                                                                      • ShellExecuteW.SHELL32(00000000,?,?,00142224), ref: 000C2C17
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: runas
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 448630720-4000483414
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • CreateToolhelp32Snapshot.KERNEL32 ref: 000ED501
                                                                                                                                                                                                                                                                                                                                                      • Process32FirstW.KERNEL32(00000000,?), ref: 000ED50F
                                                                                                                                                                                                                                                                                                                                                      • Process32NextW.KERNEL32(00000000,?), ref: 000ED52F
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 000ED5DC
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 420147892-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • lstrlenW.KERNEL32(?,000C5222), ref: 000EDBCE
                                                                                                                                                                                                                                                                                                                                                      • GetFileAttributesW.KERNEL32(?), ref: 000EDBDD
                                                                                                                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?), ref: 000EDBEE
                                                                                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 000EDBFA
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: FileFind$AttributesCloseFirstlstrlen
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2695905019-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: LocalTime
                                                                                                                                                                                                                                                                                                                                                      • String ID: %.3d$X64
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 481472006-1077770165
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(000B28E9,?,000A4CBE,000B28E9,001488B8,0000000C,000A4E15,000B28E9,00000002,00000000,?,000B28E9), ref: 000A4D09
                                                                                                                                                                                                                                                                                                                                                      • TerminateProcess.KERNEL32(00000000,?,000A4CBE,000B28E9,001488B8,0000000C,000A4E15,000B28E9,00000002,00000000,?,000B28E9), ref: 000A4D10
                                                                                                                                                                                                                                                                                                                                                      • ExitProcess.KERNEL32 ref: 000A4D22
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1703294689-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetUserNameW.ADVAPI32(?,?), ref: 000DD28C
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: NameUser
                                                                                                                                                                                                                                                                                                                                                      • String ID: X64
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2645101109-893830106

Control-flow Graph (legend: Executed / Not Executed)
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 0010B198
                                                                                                                                                                                                                                                                                                                                                      • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0010B1B0
                                                                                                                                                                                                                                                                                                                                                      • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0010B1D4
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 0010B200
                                                                                                                                                                                                                                                                                                                                                      • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0010B214
                                                                                                                                                                                                                                                                                                                                                      • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0010B236
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 0010B332
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000F05A7: GetStdHandle.KERNEL32(000000F6), ref: 000F05C6
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 0010B34B
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 0010B366
                                                                                                                                                                                                                                                                                                                                                      • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0010B3B6
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(00000000), ref: 0010B407
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 0010B439
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 0010B44A
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 0010B45C
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 0010B46E
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 0010B4E3
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2178637699-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 2875bdefb5c8b2e984961db1fc0fdcc40e7aa2a1c261e9c74a12ad7dda69ed53
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: adf2ae23530ec056536e6976109c253b857abf61b1ac3480d818c781ad314737
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2875bdefb5c8b2e984961db1fc0fdcc40e7aa2a1c261e9c74a12ad7dda69ed53
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B8F17C316083409FCB14EF24C891BAEBBE5BF85714F14855DF8999B2A2DB71EC44CB92
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetInputState.USER32 ref: 0008D807
                                                                                                                                                                                                                                                                                                                                                      • timeGetTime.WINMM ref: 0008DA07
                                                                                                                                                                                                                                                                                                                                                      • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0008DB28
                                                                                                                                                                                                                                                                                                                                                      • TranslateMessage.USER32(?), ref: 0008DB7B
                                                                                                                                                                                                                                                                                                                                                      • DispatchMessageW.USER32(?), ref: 0008DB89
                                                                                                                                                                                                                                                                                                                                                      • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0008DB9F
                                                                                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(0000000A), ref: 0008DBB1
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2189390790-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 837f87aadeae021dc89032e37715299ab9476d2e0cd9127d15093e3267c6a1a7
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: fdd4b90fa88228cf4378e008dbadbf6dc3b4b73df26c2d398e86e9a7e1158fee
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 837f87aadeae021dc89032e37715299ab9476d2e0cd9127d15093e3267c6a1a7
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0642BE70608342EFD769EB24C844BAAB7E1BF95314F15861BE495873D2DB70E884CB92

                                                                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetSysColorBrush.USER32(0000000F), ref: 00082D07
                                                                                                                                                                                                                                                                                                                                                      • RegisterClassExW.USER32(00000030), ref: 00082D31
                                                                                                                                                                                                                                                                                                                                                      • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00082D42
                                                                                                                                                                                                                                                                                                                                                      • InitCommonControlsEx.COMCTL32(?), ref: 00082D5F
                                                                                                                                                                                                                                                                                                                                                      • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00082D6F
                                                                                                                                                                                                                                                                                                                                                      • LoadIconW.USER32(000000A9), ref: 00082D85
                                                                                                                                                                                                                                                                                                                                                      • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00082D94
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2914291525-1005189915
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: a2caf3a27bc0ec0dd2c5a0c233162860e1b7d60925e0aac788604b26fab1fdce
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 4532ca6a2068463770d5cd3a02d360ea1ee5c4b0181486b4ccc286f1fce5e33e
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a2caf3a27bc0ec0dd2c5a0c233162860e1b7d60925e0aac788604b26fab1fdce
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2D21E0B5941308EFDB01DFA8E989BDDBBB4FB08705F00811AF511AA6A0D7B14580CF90

                                                                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000C039A: CreateFileW.KERNEL32(00000000,00000000,?,000C0704,?,?,00000000,?,000C0704,00000000,0000000C), ref: 000C03B7
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 000C076F
                                                                                                                                                                                                                                                                                                                                                      • __dosmaperr.LIBCMT ref: 000C0776
                                                                                                                                                                                                                                                                                                                                                      • GetFileType.KERNEL32(00000000), ref: 000C0782
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 000C078C
                                                                                                                                                                                                                                                                                                                                                      • __dosmaperr.LIBCMT ref: 000C0795
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 000C07B5
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 000C08FF
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 000C0931
                                                                                                                                                                                                                                                                                                                                                      • __dosmaperr.LIBCMT ref: 000C0938
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                                                                                                                                                                                                                                                      • String ID: H
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4237864984-2852464175
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: e6d62dc09006d0df91e1da505daa94b4d6de19e84fe65beff7b32a13093f7d6a
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 4be28a448db39739b9589e8aa2083a585acffb0bdf10e963e5d09ca177a55dca
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e6d62dc09006d0df91e1da505daa94b4d6de19e84fe65beff7b32a13093f7d6a
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 25A1F532A14115CFDF29AFA8D851BEE7BE0AB06320F14415DF8159F292DB319D52CB91

                                                                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00083A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00151418,?,00082E7F,?,?,?,00000000), ref: 00083A78
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00083357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00083379
                                                                                                                                                                                                                                                                                                                                                      • RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 0008356A
                                                                                                                                                                                                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 000C318D
                                                                                                                                                                                                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 000C31CE
                                                                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 000C3210
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 000C3277
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 000C3286
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
                                                                                                                                                                                                                                                                                                                                                      • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 98802146-2727554177
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 8ff6ff325e95e16a0b9c3055ab421b4636d78dca6fe0392eb49a3fe3125e8565
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 57fe0af4fb0b8f3e96053f40db74b40a98b34d25984d331e34da37ece390f40f
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8ff6ff325e95e16a0b9c3055ab421b4636d78dca6fe0392eb49a3fe3125e8565
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C2719F72508301DEC754EF65EC81DABBBE8FF9A740F40442EF4859B161EB709A88CB52

                                                                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetSysColorBrush.USER32(0000000F), ref: 00082B8E
                                                                                                                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F00), ref: 00082B9D
                                                                                                                                                                                                                                                                                                                                                      • LoadIconW.USER32(00000063), ref: 00082BB3
                                                                                                                                                                                                                                                                                                                                                      • LoadIconW.USER32(000000A4), ref: 00082BC5
                                                                                                                                                                                                                                                                                                                                                      • LoadIconW.USER32(000000A2), ref: 00082BD7
                                                                                                                                                                                                                                                                                                                                                      • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00082BEF
                                                                                                                                                                                                                                                                                                                                                      • RegisterClassExW.USER32(?), ref: 00082C40
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00082CD4: GetSysColorBrush.USER32(0000000F), ref: 00082D07
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00082CD4: RegisterClassExW.USER32(00000030), ref: 00082D31
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00082CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00082D42
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00082CD4: InitCommonControlsEx.COMCTL32(?), ref: 00082D5F
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00082CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00082D6F
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00082CD4: LoadIconW.USER32(000000A9), ref: 00082D85
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00082CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00082D94
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID: #$0$AutoIt v3
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 423443420-4155596026
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: e188698b4475fa97f4df0f409a2ecf56c3743cecde0dc1171bd443eb26dd6357
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: b3b16f065af05b31748370f01a55d3510d39d9bb37c7d6c5289d875116e7cfc2
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e188698b4475fa97f4df0f409a2ecf56c3743cecde0dc1171bd443eb26dd6357
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1B214F70E40314FFDB519F95ED65B997FB4FB48B61F00415AE500AAAA0D3B10580CF90

                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,0008316A,?,?), ref: 000831D8
                                                                                                                                                                                                                                                                                                                                                      • KillTimer.USER32(?,00000001,?,?,?,?,?,0008316A,?,?), ref: 00083204
                                                                                                                                                                                                                                                                                                                                                      • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00083227
                                                                                                                                                                                                                                                                                                                                                      • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,0008316A,?,?), ref: 00083232
                                                                                                                                                                                                                                                                                                                                                      • CreatePopupMenu.USER32 ref: 00083246
                                                                                                                                                                                                                                                                                                                                                      • PostQuitMessage.USER32(00000000), ref: 00083267
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                                                                                                                                                                                                                                                                                                      • String ID: TaskbarCreated
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 129472671-2362178303
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 5d75428f0f185169af05aba4e8e4a40ae6a460e4e71517055a956d7dd931beaa
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 0717ef107896349e155d64c31a8b73b53cd77ae70a23a5d6738fe5a2d11892fa
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5d75428f0f185169af05aba4e8e4a40ae6a460e4e71517055a956d7dd931beaa
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BD416B31240300FBDF663B789D1DBFD369AF785F05F040125F9929A9E2CBB09A8087A1

                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00081459
                                                                                                                                                                                                                                                                                                                                                      • CoUninitialize.COMBASE ref: 000814F8
                                                                                                                                                                                                                                                                                                                                                      • UnregisterHotKey.USER32(?), ref: 000816DD
                                                                                                                                                                                                                                                                                                                                                      • DestroyWindow.USER32(?), ref: 000C24B9
                                                                                                                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?), ref: 000C251E
                                                                                                                                                                                                                                                                                                                                                      • VirtualFree.KERNEL32(?,00000000,00008000), ref: 000C254B
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID: close all
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 469580280-3243417748

                                                                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                      control_flow_graph 793 ede27-ede4a WSAStartup 794 edee6-edef2 call a4983 793->794 795 ede50-ede71 gethostname gethostbyname 793->795 803 edef3-edef6 794->803 795->794 796 ede73-ede7a 795->796 798 ede7c-ede81 796->798 799 ede83-ede85 796->799 798->798 798->799 801 ede96-ededb call a0e20 inet_ntoa call ad5f0 call eebd1 call a4983 call 9fe14 799->801 802 ede87-ede94 call a4983 799->802 809 edede-edee4 WSACleanup 801->809 802->809 809->803
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
                                                                                                                                                                                                                                                                                                                                                      • String ID: 0.0.0.0
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 642191829-3771769585

                                                                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                      control_flow_graph 827 82c63-82cd3 CreateWindowExW * 2 ShowWindow * 2
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00082C91
                                                                                                                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00082CB2
                                                                                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(00000000,?,?,?,?,?,?,00081CAD,?), ref: 00082CC6
                                                                                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(00000000,?,?,?,?,?,?,00081CAD,?), ref: 00082CCF
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$CreateShow
                                                                                                                                                                                                                                                                                                                                                      • String ID: AutoIt v3$edit
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1584632944-3779509399

                                                                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                      control_flow_graph 942 dd3a0-dd3a9 943 dd3ab-dd3b7 LoadLibraryA 942->943 944 dd376-dd37b 942->944 946 dd3c9 943->946 947 dd3b9-dd3c7 GetProcAddress 943->947 945 dd292-dd2a8 944->945 951 dd2a9 945->951 948 dd3ce-dd3de 946->948 947->946 947->948 948->945 952 dd3e4-dd3eb FreeLibrary 948->952 951->951 952->945
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • LoadLibraryA.KERNEL32 ref: 000DD3AD
                                                                                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 000DD3BF
                                                                                                                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000), ref: 000DD3E5
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                                                                                      • String ID: GetSystemWow64DirectoryW$X64
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 145871493-2590602151
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00081BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00081BF4
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00081BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00081BFC
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00081BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00081C07
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00081BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00081C12
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00081BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00081C1A
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00081BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00081C22
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00081B4A: RegisterWindowMessageW.USER32(00000004,?,000812C4), ref: 00081BA2
                                                                                                                                                                                                                                                                                                                                                      • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 0008136A
                                                                                                                                                                                                                                                                                                                                                      • OleInitialize.OLE32 ref: 00081388
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,00000000), ref: 000C24AB
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID: HK
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1986988660-2525483378
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00083B0F,SwapMouseButtons,00000004,?), ref: 00083B40
                                                                                                                                                                                                                                                                                                                                                      • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00083B0F,SwapMouseButtons,00000004,?), ref: 00083B61
                                                                                                                                                                                                                                                                                                                                                      • RegCloseKey.KERNEL32(00000000,?,?,?,80000001,80000001,?,00083B0F,SwapMouseButtons,00000004,?), ref: 00083B83
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                                                                                                                                                      • String ID: Control Panel\Mouse
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3677997916-824357125
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      • Variable must be of type 'Object'., xrefs: 000D32B7
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                      • String ID: Variable must be of type 'Object'.
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 0-109567571
APIs
• __Init_thread_footer.LIBCMT ref: 0008FE66
Memory Dump Source
• Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
Similarity
• API ID: Init_thread_footer
• String ID:
• API String ID: 1385522511-0
APIs
• LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 000C33A2
  • Part of subcall function 00086B57: _wcslen.LIBCMT ref: 00086B6A
• Shell_NotifyIconW.SHELL32(00000001,?), ref: 00083A04
Strings
Memory Dump Source
• Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
Similarity
• API ID: IconLoadNotifyShell_String_wcslen
• String ID: Line:
• API String ID: 2289894680-1585850449
APIs
• __CxxThrowException@8.LIBVCRUNTIME ref: 000A0668
  • Part of subcall function 000A32A4: RaiseException.KERNEL32(?,?,?,000A068A,?,00151444,?,?,?,?,?,?,000A068A,00081129,00148738,00081129), ref: 000A3304
• __CxxThrowException@8.LIBVCRUNTIME ref: 000A0685
Strings
Memory Dump Source
• Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
Similarity
• API ID: Exception@8Throw$ExceptionRaise
• String ID: Unknown exception
• API String ID: 3476068407-410509341
APIs
  • Part of subcall function 00083923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00083A04
• Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 000EC259
• KillTimer.USER32(?,00000001,?,?), ref: 000EC261
• SetTimer.USER32(?,00000001,000002EE,00000000), ref: 000EC270
Memory Dump Source
• Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
Similarity
• API ID: IconNotifyShell_Timer$Kill
• String ID:
• API String ID: 3500052701-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 99ea25c3853a595e3e1ddcd746e74e58b6176df6277eea9ef0977c358f54d5d0
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: a0d73a907377d7e2bd5c842550c16af1bfe867d72c082801eb44e5e15e62b386
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 99ea25c3853a595e3e1ddcd746e74e58b6176df6277eea9ef0977c358f54d5d0
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: ED31C370904384AFFB729F658855BEBBBECAF07304F00449EE6DAA7241C3755A85CB51
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,00000000,?,?,000B85CC,?,00148CC8,0000000C), ref: 000B8704
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,000B85CC,?,00148CC8,0000000C), ref: 000B870E
                                                                                                                                                                                                                                                                                                                                                      • __dosmaperr.LIBCMT ref: 000B8739
Memory Dump Source
• Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CloseErrorHandleLast__dosmaperr
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2583163307-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 9428a9ce922a2af94a5329c539e25a4398c7f63e6b92547045706608297ee81c
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: dab88de9841e92101e9416c9286bffa4d6806438d8362d5a9641c8396a942f3e
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9428a9ce922a2af94a5329c539e25a4398c7f63e6b92547045706608297ee81c
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8A0108326056202AD6E57274AC457FE67CD8B82B79F398159E8149B2E3DEA0CD81C390
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • TranslateMessage.USER32(?), ref: 0008DB7B
                                                                                                                                                                                                                                                                                                                                                      • DispatchMessageW.USER32(?), ref: 0008DB89
                                                                                                                                                                                                                                                                                                                                                      • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0008DB9F
                                                                                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(0000000A), ref: 0008DBB1
                                                                                                                                                                                                                                                                                                                                                      • TranslateAcceleratorW.USER32(?,?,?), ref: 000D1CC9
Memory Dump Source
• Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Message$Translate$AcceleratorDispatchPeekSleep
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3288985973-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 6249979240e489bd3699e8443eea3e90b75413b3c0ecc430fe7951751d6d94b7
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 29be7fb8912187f3ba866aa2cfe96017683be30fd076958b68a6a721c99c7b6f
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6249979240e489bd3699e8443eea3e90b75413b3c0ecc430fe7951751d6d94b7
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E7F05E30644380EBEB74DB60CD49FEA73EDFB44311F104A1AE65A874C0DB7094889B65
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • __Init_thread_footer.LIBCMT ref: 000917F6
                                                                                                                                                                                                                                                                                                                                                      Strings
Memory Dump Source
• Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                                                                                      • String ID: CALL
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1385522511-4196123274
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 56a4d4cf73ce2fce46aa122e1d26be3a98bd21efb8caa1fc233facd7d8ec5217
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: bab83e38834e9506c848f746dd80b8d1c1bbe69d8e0272dfcd6b9b1f0cb40eee
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 56a4d4cf73ce2fce46aa122e1d26be3a98bd21efb8caa1fc233facd7d8ec5217
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 71226B70608302DFCB24DF14C484AAABBF1BF89314F15895DF4968B3A2D772E945DB92
Memory Dump Source
• Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: c0d24e7a145c687b8f5fdf93152ed88c8f50600b13a356bc76b7e94cb492e44d
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: e01a84caa40272ee0b22759610191f1ac6a2c5577837856e84e34241e93240fa
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c0d24e7a145c687b8f5fdf93152ed88c8f50600b13a356bc76b7e94cb492e44d
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 64329B30A00605DFDF20EF54CC85BBEB7B5AF05311F14856AE955AB2A2D731EA40EBA1
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetOpenFileNameW.COMDLG32(?), ref: 000C2C8C
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00083AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00083A97,?,?,00082E7F,?,?,?,00000000), ref: 00083AC2
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00082DA5: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00082DC4
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Name$Path$FileFullLongOpen
                                                                                                                                                                                                                                                                                                                                                      • String ID: X
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 779396738-3081909835
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 36ff69d725a560245ec7ceca50f9afdb77ae28d73582d18341dd70dac5af4b78
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: c8c05920f649c516aa7448d7e013d8a5d55ad71bdd17adfc9768a13fc28c0014
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 36ff69d725a560245ec7ceca50f9afdb77ae28d73582d18341dd70dac5af4b78
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1A21A271A002589FCF41EF94D849BEE7BF8AF49715F008059E445BB242DBB49A898FA1
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetComputerNameW.KERNEL32(?,?), ref: 000DD375
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ComputerName
                                                                                                                                                                                                                                                                                                                                                      • String ID: X64
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3545744682-893830106
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 371089d83e297724accc18cb6a75a09bc442fd303cb3d8db41f076c519393aee
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: ddfe0e333a4a7ada3278b50bddf66702275983b678e273e7faa9889053234ca6
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 371089d83e297724accc18cb6a75a09bc442fd303cb3d8db41f076c519393aee
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CED0C9B5855218EACBA4CB40DC88DEDB37CBB14341F508153F002A2100D73095889F20
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • Shell_NotifyIconW.SHELL32(00000000,?), ref: 00083908
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: IconNotifyShell_
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1144537725-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 1fb36e9e5c7bdcdd43f894e154d9f44bc67b1bdf8879292784071d8ed2936e71
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: bdaf4f72bb5485a247024294e7c7a8bc3deaaeb04ee0d19cffd8597c226f62a3
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1fb36e9e5c7bdcdd43f894e154d9f44bc67b1bdf8879292784071d8ed2936e71
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2031BF70604301DFD761EF24D894B9BBBE8FB89719F00092EF9D987650EB71AA44CB52
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • timeGetTime.WINMM ref: 0009F661
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0008D730: GetInputState.USER32 ref: 0008D807
                                                                                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000000), ref: 000DF2DE
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: InputSleepStateTimetime
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4149333218-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 61b0cbf53a8aeb9bfc3fdc1506a2fbed8fefe62cc060002de2c4a3143d84120b
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: c5c583682ee0443891dfe8acd5c4bdd783524469c769214db78e744b34d5e252
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 61b0cbf53a8aeb9bfc3fdc1506a2fbed8fefe62cc060002de2c4a3143d84120b
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 80F082712807059FD314FF65D545BAABBE4FF55760F00402AE859C73A1DB70A840CB90
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • __Init_thread_footer.LIBCMT ref: 0008BB4E
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1385522511-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 9a4c3154c282e8cb661da4f24e5f912d0b0e78708e5095f0c5952edc6fe59247
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 96b3e865dcc321d28b1f24d7b4984ed7cdd2952d6a1f493149c05e73734e2e35
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9a4c3154c282e8cb661da4f24e5f912d0b0e78708e5095f0c5952edc6fe59247
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 71328B35A00209DFDB24EF54C894BBEB7F9FB45300F14805AE999AB361D774AE81CB61
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00084E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00084EDD,?,00151418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00084E9C
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00084E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00084EAE
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00084E90: FreeLibrary.KERNEL32(00000000,?,?,00084EDD,?,00151418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00084EC0
                                                                                                                                                                                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00151418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00084EFD
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00084E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,000C3CDE,?,00151418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00084E62
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00084E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00084E74
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00084E59: FreeLibrary.KERNEL32(00000000,?,?,000C3CDE,?,00151418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00084E87
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Library$Load$AddressFreeProc
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2632591731-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: c0af0440e4b8c74239adf0e7140e7de0172f5769c012fd36812683cfc09d1b98
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: d7fb8b362e3105011e2a46bed55290fe188d3c0acd905a383566a422fa093b91
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c0af0440e4b8c74239adf0e7140e7de0172f5769c012fd36812683cfc09d1b98
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6D11E332610206AACF24BF60DC02FED77A5BF40715F10842EF682A62C3EE709A459B90
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: __wsopen_s
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3347428461-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 2e90188a0e3968de7c8fc74c6890dbe634fd32f0c3f3f94d23209a75c7e67826
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: cd2773d2904ebeec9cf4cb1023cc199d2c7c7a0335dbd8432a0c7b06290cb63b
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2e90188a0e3968de7c8fc74c6890dbe634fd32f0c3f3f94d23209a75c7e67826
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1611067590420AAFCB15DF58E941ADE7BF9EF48314F148059F808AB312DB31DA11CBA5
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000B4C7D: RtlAllocateHeap.NTDLL(00000008,00081129,00000000,?,000B2E29,00000001,00000364,?,?,?,000AF2DE,000B3863,00151444,?,0009FDF5,?), ref: 000B4CBE
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000B506C
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: AllocateHeap_free
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 614378929-0
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • RtlAllocateHeap.NTDLL(00000008,00081129,00000000,?,000B2E29,00000001,00000364,?,?,?,000AF2DE,000B3863,00151444,?,0009FDF5,?), ref: 000B4CBE
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: AllocateHeap
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • RtlAllocateHeap.NTDLL(00000000,?,00151444,?,0009FDF5,?,?,0008A976,00000010,00151440,000813FC,?,000813C6,?,00081129), ref: 000B3852
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: AllocateHeap
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?,?,00151418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00084F6D
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: FreeLibrary
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3664257935-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 8433008d18488d0e27192c495c7c53f97947b13bfad63c7a211e913ae3582df8
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: b24544c528f300b9812f8a72d3f070602c0a1a841beed42f21c44b2a31c12bae
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8433008d18488d0e27192c495c7c53f97947b13bfad63c7a211e913ae3582df8
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D1F03971105752CFDB38AF64D490866BBE4BF143293258A7EE2EA82622C7319884DF50
APIs
• IsWindow.USER32(00000000), ref: 00112A66
Memory Dump Source
• Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
Similarity
• API ID: Window
• String ID:
• API String ID: 2353593579-0
• Opcode ID: bb15d2014251b3216b94a32ee43efb172b232ce8bf68cefa8d42b208e92a8b82
• Instruction ID: 27ddad90e8e18fbc0cd1081b6cd4e334d7c0fa604d035589de46cba2a9391ea3
• Opcode Fuzzy Hash: bb15d2014251b3216b94a32ee43efb172b232ce8bf68cefa8d42b208e92a8b82
• Instruction Fuzzy Hash: 89E04F3639411AAECB18EA31EC848FEB75CEF50395710453AEC16D3501EB30A9E596E0
APIs
• Shell_NotifyIconW.SHELL32(00000002,?), ref: 0008314E
Memory Dump Source
• Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
Similarity
• API ID: IconNotifyShell_
• String ID:
• API String ID: 1144537725-0
• Opcode ID: 9d56a0d4ee07a2ec921eec785ceeb54bf62dacc588df96de993503f24ee3891a
• Instruction ID: d78ecc06fd6f32e44c800c8abe18a5c95ab3b20fe98dc9552d51c06d6fa14657
• Opcode Fuzzy Hash: 9d56a0d4ee07a2ec921eec785ceeb54bf62dacc588df96de993503f24ee3891a
• Instruction Fuzzy Hash: 65F03770914314AFEB939B64DC497D97BFCB701708F0000E5A58896592D77457C8CF51
APIs
• GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00082DC4
  • Part of subcall function 00086B57: _wcslen.LIBCMT ref: 00086B6A
Memory Dump Source
• Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
Similarity
• API ID: LongNamePath_wcslen
• String ID:
• API String ID: 541455249-0
• Opcode ID: 6103ea40af003a452e7ece43b6f1a42baa717604b133173f7e5533257d3825ec
• Instruction ID: a5d19fbd7de6078f01cc5a355a3a28c858da65c101667fbd9881f9d964a81ecb
• Opcode Fuzzy Hash: 6103ea40af003a452e7ece43b6f1a42baa717604b133173f7e5533257d3825ec
• Instruction Fuzzy Hash: C5E0CD726002245BC710A3589C05FDA77DDDFC8790F054075FD09D7249DA70EDC08690
APIs
  • Part of subcall function 00083837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00083908
  • Part of subcall function 0008D730: GetInputState.USER32 ref: 0008D807
• SetCurrentDirectoryW.KERNEL32(?), ref: 00082B6B
  • Part of subcall function 000830F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 0008314E
Memory Dump Source
• Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: IconNotifyShell_$CurrentDirectoryInputState
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3667716007-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,?), ref: 000EDF40
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00086B57: _wcslen.LIBCMT ref: 00086B6A
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: FolderPath_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2987691875-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • CreateFileW.KERNEL32(00000000,00000000,?,000C0704,?,?,00000000,?,000C0704,00000000,0000000C), ref: 000C03B7
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CreateFile
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 823142352-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00081CBC
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: InfoParametersSystem
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3098949447-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00099BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00099BB2
                                                                                                                                                                                                                                                                                                                                                      • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 0011961A
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0011965B
                                                                                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 0011969F
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 001196C9
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32 ref: 001196F2
                                                                                                                                                                                                                                                                                                                                                      • GetKeyState.USER32(00000011), ref: 0011978B
                                                                                                                                                                                                                                                                                                                                                      • GetKeyState.USER32(00000009), ref: 00119798
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 001197AE
                                                                                                                                                                                                                                                                                                                                                      • GetKeyState.USER32(00000010), ref: 001197B8
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 001197E9
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32 ref: 00119810
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001030,?,00117E95), ref: 00119918
                                                                                                                                                                                                                                                                                                                                                      • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 0011992E
                                                                                                                                                                                                                                                                                                                                                      • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00119941
                                                                                                                                                                                                                                                                                                                                                      • SetCapture.USER32(?), ref: 0011994A
                                                                                                                                                                                                                                                                                                                                                      • ClientToScreen.USER32(?,?), ref: 001199AF
                                                                                                                                                                                                                                                                                                                                                      • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 001199BC
                                                                                                                                                                                                                                                                                                                                                      • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 001199D6
                                                                                                                                                                                                                                                                                                                                                      • ReleaseCapture.USER32 ref: 001199E1
                                                                                                                                                                                                                                                                                                                                                      • GetCursorPos.USER32(?), ref: 00119A19
                                                                                                                                                                                                                                                                                                                                                      • ScreenToClient.USER32(?,?), ref: 00119A26
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001012,00000000,?), ref: 00119A80
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32 ref: 00119AAE
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001111,00000000,?), ref: 00119AEB
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32 ref: 00119B1A
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00119B3B
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000110B,00000009,?), ref: 00119B4A
                                                                                                                                                                                                                                                                                                                                                      • GetCursorPos.USER32(?), ref: 00119B68
                                                                                                                                                                                                                                                                                                                                                      • ScreenToClient.USER32(?,?), ref: 00119B75
                                                                                                                                                                                                                                                                                                                                                      • GetParent.USER32(?), ref: 00119B93
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001012,00000000,?), ref: 00119BFA
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32 ref: 00119C2B
                                                                                                                                                                                                                                                                                                                                                      • ClientToScreen.USER32(?,?), ref: 00119C84
                                                                                                                                                                                                                                                                                                                                                      • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00119CB4
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001111,00000000,?), ref: 00119CDE
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32 ref: 00119D01
                                                                                                                                                                                                                                                                                                                                                      • ClientToScreen.USER32(?,?), ref: 00119D4E
                                                                                                                                                                                                                                                                                                                                                      • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00119D82
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00099944: GetWindowLongW.USER32(?,000000EB), ref: 00099952
                                                                                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00119E05
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                                                                                                                                                                                                                                                                                                                                      • String ID: @GUI_DRAGID$F
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3429851547-4164748364
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 05ec46dc662e90f7a3a137c206336c4bb93302ec35e33eb2d84df6a8c7cbe3d2
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 4b14c7b6aec70d7fb807b4ee7f563569111ea652b08767973c952fc08e095062
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 05ec46dc662e90f7a3a137c206336c4bb93302ec35e33eb2d84df6a8c7cbe3d2
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0B428D74204201EFDB29CF24CD54BEABBE5FF89314F144629F6A9876A1D731A890CF91
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 001148F3
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00114908
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00114927
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 0011494B
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 0011495C
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 0011497B
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 001149AE
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 001149D4
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00114A0F
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00114A56
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00114A7E
                                                                                                                                                                                                                                                                                                                                                      • IsMenu.USER32(?), ref: 00114A97
                                                                                                                                                                                                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00114AF2
                                                                                                                                                                                                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00114B20
                                                                                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00114B94
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00114BE3
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00114C82
                                                                                                                                                                                                                                                                                                                                                      • wsprintfW.USER32 ref: 00114CAE
• SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00114CC9
• GetWindowTextW.USER32(?,00000000,00000001), ref: 00114CF1
• SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00114D13
• SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00114D33
• GetWindowTextW.USER32(?,00000000,00000001), ref: 00114D5A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
Similarity
• API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
• String ID: %d/%02d/%02d
• API String ID: 4054740463-328681919
• Opcode ID: 7aa407fa983fbab1562250008559949384763a7216645e038d960e44213ee1a0
• Instruction ID: 667cb78262705e6291ad0d19d28744b53f7bcc8e457c4ffc9db909a710dbf2c6
• Opcode Fuzzy Hash: 7aa407fa983fbab1562250008559949384763a7216645e038d960e44213ee1a0
• Instruction Fuzzy Hash: E312EF71640215ABEB288F68CC49FEE7BF8EF45B10F144129F516EB2E1DB749981CB90
APIs
• GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 0009F998
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 000DF474
• IsIconic.USER32(00000000), ref: 000DF47D
• ShowWindow.USER32(00000000,00000009), ref: 000DF48A
• SetForegroundWindow.USER32(00000000), ref: 000DF494
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 000DF4AA
• GetCurrentThreadId.KERNEL32 ref: 000DF4B1
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 000DF4BD
• AttachThreadInput.USER32(?,00000000,00000001), ref: 000DF4CE
• AttachThreadInput.USER32(?,00000000,00000001), ref: 000DF4D6
• AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 000DF4DE
• SetForegroundWindow.USER32(00000000), ref: 000DF4E1
• MapVirtualKeyW.USER32(00000012,00000000), ref: 000DF4F6
• keybd_event.USER32(00000012,00000000), ref: 000DF501
• MapVirtualKeyW.USER32(00000012,00000000), ref: 000DF50B
• keybd_event.USER32(00000012,00000000), ref: 000DF510
• MapVirtualKeyW.USER32(00000012,00000000), ref: 000DF519
• keybd_event.USER32(00000012,00000000), ref: 000DF51E
• MapVirtualKeyW.USER32(00000012,00000000), ref: 000DF528
• keybd_event.USER32(00000012,00000000), ref: 000DF52D
• SetForegroundWindow.USER32(00000000), ref: 000DF530
• AttachThreadInput.USER32(?,000000FF,00000000), ref: 000DF557
Strings
Memory Dump Source
• Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
Similarity
• API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
• String ID: Shell_TrayWnd
• API String ID: 4125248594-2988720461
• Opcode ID: 5617a487109db78db656c91297d509d21b55535f22d0a3d1f6390d0f4cd3749d
• Instruction ID: d3f0e28ab01514a1e7d824862ebc47ec3e004722245764bf900e35a4df8cccc6
• Opcode Fuzzy Hash: 5617a487109db78db656c91297d509d21b55535f22d0a3d1f6390d0f4cd3749d
• Instruction Fuzzy Hash: 41315271A80318BBEB256BB55D4AFFF7E6DEB44B50F108026F601E62D1D6B05D40AEA0
APIs
  • Part of subcall function 000E16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 000E170D
  • Part of subcall function 000E16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 000E173A
  • Part of subcall function 000E16C3: GetLastError.KERNEL32 ref: 000E174A
• LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 000E1286
• DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 000E12A8
• CloseHandle.KERNEL32(?), ref: 000E12B9
• OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 000E12D1
• GetProcessWindowStation.USER32 ref: 000E12EA
• SetProcessWindowStation.USER32(00000000), ref: 000E12F4
• OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 000E1310
  • Part of subcall function 000E10BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,000E11FC), ref: 000E10D4
  • Part of subcall function 000E10BF: CloseHandle.KERNEL32(?,?,000E11FC), ref: 000E10E9
Strings
Memory Dump Source
• Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
Similarity
• API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                                                                                                                                                                                                                                                                                                                                                      • String ID: $default$winsta0
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 22674027-1027155976
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: af3a500e2b6f6fe1022dcc9f70af8f3695657766fc8ba2f86a7ff892d1bd50d0
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 3b73851bee525cfb88937fd0976a675b12b86441897ba7cfacfbc0678dd0dd46
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: af3a500e2b6f6fe1022dcc9f70af8f3695657766fc8ba2f86a7ff892d1bd50d0
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8181BFB1900289AFDF259FA5DD49FEE7BB9EF08700F148129F910F62A1C7708984CB61
APIs
  • Part of subcall function 000E10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 000E1114
  • Part of subcall function 000E10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,000E0B9B,?,?,?), ref: 000E1120
  • Part of subcall function 000E10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,000E0B9B,?,?,?), ref: 000E112F
  • Part of subcall function 000E10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,000E0B9B,?,?,?), ref: 000E1136
  • Part of subcall function 000E10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 000E114D
• GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 000E0BCC
• GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 000E0C00
• GetLengthSid.ADVAPI32(?), ref: 000E0C17
• GetAce.ADVAPI32(?,00000000,?), ref: 000E0C51
• AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 000E0C6D
• GetLengthSid.ADVAPI32(?), ref: 000E0C84
• GetProcessHeap.KERNEL32(00000008,00000008), ref: 000E0C8C
• HeapAlloc.KERNEL32(00000000), ref: 000E0C93
• GetLengthSid.ADVAPI32(?,00000008,?), ref: 000E0CB4
• CopySid.ADVAPI32(00000000), ref: 000E0CBB
• AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 000E0CEA
• SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 000E0D0C
• SetUserObjectSecurity.USER32(?,00000004,?), ref: 000E0D1E
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 000E0D45
• HeapFree.KERNEL32(00000000), ref: 000E0D4C
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 000E0D55
• HeapFree.KERNEL32(00000000), ref: 000E0D5C
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 000E0D65
• HeapFree.KERNEL32(00000000), ref: 000E0D6C
• GetProcessHeap.KERNEL32(00000000,?), ref: 000E0D78
• HeapFree.KERNEL32(00000000), ref: 000E0D7F
  • Part of subcall function 000E1193: GetProcessHeap.KERNEL32(00000008,000E0BB1,?,00000000,?,000E0BB1,?), ref: 000E11A1
  • Part of subcall function 000E1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,000E0BB1,?), ref: 000E11A8
  • Part of subcall function 000E1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,000E0BB1,?), ref: 000E11B7
Memory Dump Source
• Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
Similarity
• API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
• String ID:
• API String ID: 4175595110-0
• Opcode ID: 1bfbb114c73cccb016a68aad6715c3a99315f20756cded3289c118fa421ad705
• Instruction ID: 63ad4c22ce1fedd5c2055f9526f6d730d1c34a4826007469e0e68c06f86e1208
• Opcode Fuzzy Hash: 1bfbb114c73cccb016a68aad6715c3a99315f20756cded3289c118fa421ad705
• Instruction Fuzzy Hash: 66718A7694024AEFDF10DFA5DD44BEEBBB8BF08300F148115F914B6191D7B5AA85CBA0
APIs
• OpenClipboard.USER32(0011CC08), ref: 000FEB29
• IsClipboardFormatAvailable.USER32(0000000D), ref: 000FEB37
• GetClipboardData.USER32(0000000D), ref: 000FEB43
• CloseClipboard.USER32 ref: 000FEB4F
• GlobalLock.KERNEL32(00000000), ref: 000FEB87
• CloseClipboard.USER32 ref: 000FEB91
• GlobalUnlock.KERNEL32(00000000), ref: 000FEBBC
• IsClipboardFormatAvailable.USER32(00000001), ref: 000FEBC9
• GetClipboardData.USER32(00000001), ref: 000FEBD1
• GlobalLock.KERNEL32(00000000), ref: 000FEBE2
• GlobalUnlock.KERNEL32(00000000), ref: 000FEC22
• IsClipboardFormatAvailable.USER32(0000000F), ref: 000FEC38
• GetClipboardData.USER32(0000000F), ref: 000FEC44
• GlobalLock.KERNEL32(00000000), ref: 000FEC55
• DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 000FEC77
• DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 000FEC94
• DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 000FECD2
• GlobalUnlock.KERNEL32(00000000), ref: 000FECF3
• CountClipboardFormats.USER32 ref: 000FED14
• CloseClipboard.USER32 ref: 000FED59
Memory Dump Source
• Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 420908878-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: eda0094632f55e4bae93f90d2cb1baa937498ddb80110fd94bf5305423f26382
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 0aa7d2c2dd13a1e394b533f69db56a336429f62323f7fbba0ea16a3b3caa6477
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: eda0094632f55e4bae93f90d2cb1baa937498ddb80110fd94bf5305423f26382
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6B61ED34204345AFD314EF24C884FBA77E4BF84714F088519F58697AA2CB31D986DBA2
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?), ref: 000F69BE
                                                                                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 000F6A12
                                                                                                                                                                                                                                                                                                                                                      • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 000F6A4E
                                                                                                                                                                                                                                                                                                                                                      • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 000F6A75
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00089CB3: _wcslen.LIBCMT ref: 00089CBD
                                                                                                                                                                                                                                                                                                                                                      • FileTimeToSystemTime.KERNEL32(?,?), ref: 000F6AB2
                                                                                                                                                                                                                                                                                                                                                      • FileTimeToSystemTime.KERNEL32(?,?), ref: 000F6ADF
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3830820486-3289030164
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 9a7685270fe816b16b6bf23ef90f4cdda125288e7375ad45e7f2a8a06154aa30
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: acbbf5764a983dab0eead59628ea50c17b8b59ac5fb0af3855fdf2e7bdcc9bec
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9a7685270fe816b16b6bf23ef90f4cdda125288e7375ad45e7f2a8a06154aa30
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 81D15E72508300AAC714EBA4C881EFBB7ECBF98704F444929F589D7192EB75DA44CB62
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 000F9663
                                                                                                                                                                                                                                                                                                                                                      • GetFileAttributesW.KERNEL32(?), ref: 000F96A1
                                                                                                                                                                                                                                                                                                                                                      • SetFileAttributesW.KERNEL32(?,?), ref: 000F96BB
                                                                                                                                                                                                                                                                                                                                                      • FindNextFileW.KERNEL32(00000000,?), ref: 000F96D3
                                                                                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 000F96DE
                                                                                                                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(*.*,?), ref: 000F96FA
                                                                                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 000F974A
                                                                                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(00146B7C), ref: 000F9768
                                                                                                                                                                                                                                                                                                                                                      • FindNextFileW.KERNEL32(00000000,00000010), ref: 000F9772
                                                                                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 000F977F
                                                                                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 000F978F
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                                                                                                                                                                                                                                                                                                      • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1409584000-438819550
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 9a3881b43223c47dcd8e6ac7b3f6ea402d49c0106c748c71160e15e0bea4b876
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 42da4955cbfe76c920e3e4b786649b3e96197279c6838671f278b07ff9ad29ab
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9a3881b43223c47dcd8e6ac7b3f6ea402d49c0106c748c71160e15e0bea4b876
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B831E23264031D6BCB14AFB4DC08BEE77ECAF0A321F148065FA14E24A0DB34DD809A50
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 000F97BE
                                                                                                                                                                                                                                                                                                                                                      • FindNextFileW.KERNEL32(00000000,?), ref: 000F9819
                                                                                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 000F9824
                                                                                                                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(*.*,?), ref: 000F9840
                                                                                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 000F9890
                                                                                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(00146B7C), ref: 000F98AE
                                                                                                                                                                                                                                                                                                                                                      • FindNextFileW.KERNEL32(00000000,00000010), ref: 000F98B8
                                                                                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 000F98C5
                                                                                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 000F98D5
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000EDAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 000EDB00
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                                                                                                                                                                                                                                                                                                      • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2640511053-438819550
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 53565c5cafc403b0a57685c2a333d312dbeb9c5fe72bd043ab4aa1ab8aee6b6a
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: ef5771c0dcd5183ab4f9161f7bab48f07196d3f384122f13ebd8be3f7a36e6a9
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 53565c5cafc403b0a57685c2a333d312dbeb9c5fe72bd043ab4aa1ab8aee6b6a
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8331F43154021D6EDB24EFB4DC48BEE77ACEF46361F148165F910A24A1DB34DE86DB60
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0010C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0010B6AE,?,?), ref: 0010C9B5
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0010C998: _wcslen.LIBCMT ref: 0010C9F1
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0010C998: _wcslen.LIBCMT ref: 0010CA68
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0010C998: _wcslen.LIBCMT ref: 0010CA9E
                                                                                                                                                                                                                                                                                                                                                      • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0010BF3E
                                                                                                                                                                                                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 0010BFA9
                                                                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 0010BFCD
                                                                                                                                                                                                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 0010C02C
                                                                                                                                                                                                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 0010C0E7
                                                                                                                                                                                                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0010C154
                                                                                                                                                                                                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0010C1E9
                                                                                                                                                                                                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 0010C23A
                                                                                                                                                                                                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0010C2E3
                                                                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0010C382
                                                                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 0010C38F
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3102970594-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 2544e24c5e9285ffa6086ecb805cc1562a5558d3ba09846c6de04d08de196547
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 4e29a3dd1d61704b8f34096f682a49ae68950fe619502a58f42f4bdb9104cd92
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2544e24c5e9285ffa6086ecb805cc1562a5558d3ba09846c6de04d08de196547
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B1024B706042009FD714DF24C895E6ABBE5FF49304F19859DF88ACB2A2DB71ED45CB91
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00083AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00083A97,?,?,00082E7F,?,?,?,00000000), ref: 00083AC2
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000EE199: GetFileAttributesW.KERNEL32(?,000ECF95), ref: 000EE19A
                                                                                                                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?), ref: 000ED122
                                                                                                                                                                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 000ED1DD
                                                                                                                                                                                                                                                                                                                                                      • MoveFileW.KERNEL32(?,?), ref: 000ED1F0
                                                                                                                                                                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?,?,?,?), ref: 000ED20D
                                                                                                                                                                                                                                                                                                                                                      • FindNextFileW.KERNEL32(00000000,00000010), ref: 000ED237
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000ED29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,000ED21C,?,?), ref: 000ED2B2
                                                                                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000,?,?,?), ref: 000ED253
                                                                                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 000ED264
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                                                                                                                                                                                                                                                                                                                                      • String ID: \*.*
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1946585618-1173974218
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1737998785-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000E16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 000E170D
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000E16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 000E173A
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000E16C3: GetLastError.KERNEL32 ref: 000E174A
                                                                                                                                                                                                                                                                                                                                                      • ExitWindowsEx.USER32(?,00000000), ref: 000EE932
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                                                                                                                                                                                                                                                                                                      • String ID: $ $@$SeShutdownPrivilege
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2234035333-3163812486
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00101276
                                                                                                                                                                                                                                                                                                                                                      • WSAGetLastError.WSOCK32 ref: 00101283
                                                                                                                                                                                                                                                                                                                                                      • bind.WSOCK32(00000000,?,00000010), ref: 001012BA
                                                                                                                                                                                                                                                                                                                                                      • WSAGetLastError.WSOCK32 ref: 001012C5
                                                                                                                                                                                                                                                                                                                                                      • closesocket.WSOCK32(00000000), ref: 001012F4
                                                                                                                                                                                                                                                                                                                                                      • listen.WSOCK32(00000000,00000005), ref: 00101303
                                                                                                                                                                                                                                                                                                                                                      • WSAGetLastError.WSOCK32 ref: 0010130D
                                                                                                                                                                                                                                                                                                                                                      • closesocket.WSOCK32(00000000), ref: 0010133C
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ErrorLast$closesocket$bindlistensocket
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 540024437-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00083AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00083A97,?,?,00082E7F,?,?,?,00000000), ref: 00083AC2
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000EE199: GetFileAttributesW.KERNEL32(?,000ECF95), ref: 000EE19A
                                                                                                                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?), ref: 000ED420
                                                                                                                                                                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?,?,?,?), ref: 000ED470
                                                                                                                                                                                                                                                                                                                                                      • FindNextFileW.KERNEL32(00000000,00000010), ref: 000ED481
                                                                                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 000ED498
                                                                                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 000ED4A1
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                                                                                                                                                                                                                                                                                                      • String ID: \*.*
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2649000838-1173974218
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 5c9ca14047a2024fd9c0793c2e6d4a3c4fd65839da42e0365c4e8168c212231f
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: ed74945eaedd13a7b957fbb8f57f6ea4e70cee5096d4213297f5ae4472be71eb
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5c9ca14047a2024fd9c0793c2e6d4a3c4fd65839da42e0365c4e8168c212231f
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C1313E710083859FC205FF64D8518EF77E8BFA6314F444A1EF4D162192EB30AA098763
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: __floor_pentium4
                                                                                                                                                                                                                                                                                                                                                      • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4168288129-2761157908
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: e248a312aaa110503069fb610dad51880dce8abf84ecc74d5c56e99b89c0e02f
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 032fc2c3a952e09349e41f46160e12ce69322e5a0d560f68900ea03c48265d89
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e248a312aaa110503069fb610dad51880dce8abf84ecc74d5c56e99b89c0e02f
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 03C23872E086298FDB65CE28DD407EAB7F5EB49305F1441EAD84EE7241E774AE818F40
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 000F64DC
                                                                                                                                                                                                                                                                                                                                                      • CoInitialize.OLE32(00000000), ref: 000F6639
                                                                                                                                                                                                                                                                                                                                                      • CoCreateInstance.OLE32(0011FCF8,00000000,00000001,0011FB68,?), ref: 000F6650
                                                                                                                                                                                                                                                                                                                                                      • CoUninitialize.OLE32 ref: 000F68D4
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: .lnk
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 886957087-24824748
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 5644946d29408416a476b306afc2126b1dffc3dfa6edbf27c3b3f2bf511906ad
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 322de80e2f1b443421a29bb1d6b5dc0475f70aab17fbe85eabceda23fd9820c3
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5644946d29408416a476b306afc2126b1dffc3dfa6edbf27c3b3f2bf511906ad
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D7D15971508205AFD304EF24C881EABB7E8FF94704F14496DF5959B2A2EB71E905CBA2
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetForegroundWindow.USER32(?,?,00000000), ref: 001022E8
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000FE4EC: GetWindowRect.USER32(?,?), ref: 000FE504
                                                                                                                                                                                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 00102312
                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(00000000), ref: 00102319
                                                                                                                                                                                                                                                                                                                                                      • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00102355
                                                                                                                                                                                                                                                                                                                                                      • GetCursorPos.USER32(?), ref: 00102381
                                                                                                                                                                                                                                                                                                                                                      • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 001023DF
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2387181109-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: b103ab9259e162ec4c63d3da214f84da127bc605bc536d6adc65bad4f79bd073
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: ad3da16393511d48c8145e7cdb56a20b5fd65f96578290d81b32bc8d2d1d4908
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b103ab9259e162ec4c63d3da214f84da127bc605bc536d6adc65bad4f79bd073
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FE31E272504355AFC724DF15C849B9BBBEAFF88310F004919F985AB191DB74E948CBD2
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00089CB3: _wcslen.LIBCMT ref: 00089CBD
                                                                                                                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 000F9B78
                                                                                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 000F9C8B
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000F3874: GetInputState.USER32 ref: 000F38CB
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000F3874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 000F3966
                                                                                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 000F9BA8
                                                                                                                                                                                                                                                                                                                                                      • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 000F9C75
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1972594611-438819550
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 1d66ea326370aa7a6ac12a1e048fd3b425a168d35d8be8d1c02b9adcb6b9bb62
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 0976c017331edccd87b1d5da156ee8cb6941abc64e38eef6c4782933ce4957c7
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1d66ea326370aa7a6ac12a1e048fd3b425a168d35d8be8d1c02b9adcb6b9bb62
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6F415C7194420EABCF54EFA4C985BEEBBF8FF05310F244056E905A2591EB309E84DFA1
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00099BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00099BB2
                                                                                                                                                                                                                                                                                                                                                      • DefDlgProcW.USER32(?,?,?,?,?), ref: 00099A4E
                                                                                                                                                                                                                                                                                                                                                      • GetSysColor.USER32(0000000F), ref: 00099B23
                                                                                                                                                                                                                                                                                                                                                      • SetBkColor.GDI32(?,00000000), ref: 00099B36
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Color$LongProcWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3131106179-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 5684a5e6cff9229fca6cd16a6733fcfe3f73d1dc91935a2a78ca008ee4c3cdab
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: bad8f50f32a1183c572048cb1d162d4cd10a1bc284bde84565e1acf61721cff3
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5684a5e6cff9229fca6cd16a6733fcfe3f73d1dc91935a2a78ca008ee4c3cdab
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 38A10770208604BFEF799A3C8C98EBF26DDEB46300B15411EF512DAAD1DB259D41E2B3
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0010304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0010307A
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0010304E: _wcslen.LIBCMT ref: 0010309B
                                                                                                                                                                                                                                                                                                                                                      • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 0010185D
                                                                                                                                                                                                                                                                                                                                                      • WSAGetLastError.WSOCK32 ref: 00101884
                                                                                                                                                                                                                                                                                                                                                      • bind.WSOCK32(00000000,?,00000010), ref: 001018DB
                                                                                                                                                                                                                                                                                                                                                      • WSAGetLastError.WSOCK32 ref: 001018E6
                                                                                                                                                                                                                                                                                                                                                      • closesocket.WSOCK32(00000000), ref: 00101915
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1601658205-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: a2a311b2c1eadf4fc58782ce0b6a320ced7b4f770e3aeaf59cc39652a8e9cbc5
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 7770c8a4d986f7e8ce49ea7c5a1a6440c76169f4be8216eaf70241212e32eca4
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a2a311b2c1eadf4fc58782ce0b6a320ced7b4f770e3aeaf59cc39652a8e9cbc5
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2B519371A00210AFEB10AF24C886FAA77E5AB44718F54C058FA595F2D3C775AD418BA1
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 292994002-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 9c174f4586617e96167814c4768f5cc5e45b9db6c4f9e1d2fe4321fb871be77e
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 8fec8a2f9ab39ee1c53b879466c994c1891c558156d0436b5c6363532d375bde
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9c174f4586617e96167814c4768f5cc5e45b9db6c4f9e1d2fe4321fb871be77e
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E221D6317802116FE7288F1AD844B9ABBA5FF95314B198078E9498B352C771DC82CBD0
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                      • String ID: ERCP$VUUU$VUUU$VUUU$VUUU
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 0-1546025612
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 3f019e1a713a4e034e2a1416670969b2d3bed22cddbacf70d83d69380bb29270
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 9805873552a416f3b216dbbd0e89d66d52bbbd3cdb7100e41e40720497f0a3d0
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3f019e1a713a4e034e2a1416670969b2d3bed22cddbacf70d83d69380bb29270
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1DA28F75E0061ACBDF74DF58C844BAEB7B1BF54310F6481AAE855A7281EB319E81CB50
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 000EAAAC
                                                                                                                                                                                                                                                                                                                                                      • SetKeyboardState.USER32(00000080), ref: 000EAAC8
                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 000EAB36
                                                                                                                                                                                                                                                                                                                                                      • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 000EAB88
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 432972143-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 7d0c09464058b2920a15a61c4afceb1b1f8feaed344d410de91d6d08d005c75c
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: f2466028ede8789cee73402551e594f23d263675bd574655b9ac68490f71854f
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7d0c09464058b2920a15a61c4afceb1b1f8feaed344d410de91d6d08d005c75c
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2731FC70B40288AEFF358A66CC05BFE77E6AB5A310F04421AF581B61D2D375A985C752
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000BBB7F
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000B29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,000BD7D1,00000000,00000000,00000000,00000000,?,000BD7F8,00000000,00000007,00000000,?,000BDBF5,00000000), ref: 000B29DE
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000B29C8: GetLastError.KERNEL32(00000000,?,000BD7D1,00000000,00000000,00000000,00000000,?,000BD7F8,00000000,00000007,00000000,?,000BDBF5,00000000,00000000), ref: 000B29F0
                                                                                                                                                                                                                                                                                                                                                      • GetTimeZoneInformation.KERNEL32 ref: 000BBB91
                                                                                                                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,?,0015121C,000000FF,?,0000003F,?,?), ref: 000BBC09
                                                                                                                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,?,00151270,000000FF,?,0000003F,?,?,?,0015121C,000000FF,?,0000003F,?,?), ref: 000BBC36
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ByteCharMultiWide$ErrorFreeHeapInformationLastTimeZone_free
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 806657224-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 3fd7187676d25f2985078e7cb8143678b8aa7a62ddaf96bd96530ec62f522055
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: bbff5909e8e0c30f1d75b667e8a2b7b0f48ac2db79248627c2b495ade5ea27fb
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3fd7187676d25f2985078e7cb8143678b8aa7a62ddaf96bd96530ec62f522055
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: ED31D270944205EFCB12DF68CC809ADBFF8FF45710B24466AE020EB6A2D7B09E80CB50
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • InternetReadFile.WININET(?,?,00000400,?), ref: 000FCE89
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000000), ref: 000FCEEA
                                                                                                                                                                                                                                                                                                                                                      • SetEvent.KERNEL32(?,?,00000000), ref: 000FCEFE
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ErrorEventFileInternetLastRead
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 234945975-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: b3697845bcd713076469b0079b009377ef1a1abf351a246d781a16e377c22c02
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 542ff4ba828f9761eac941c8e37c1b645933bd1f5e90ee98d836dca759f766ff
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b3697845bcd713076469b0079b009377ef1a1abf351a246d781a16e377c22c02
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7421AE7154070D9BE730CFA5CA46FAAB7F8EB40354F10842AE64692951E770EE489B90
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • lstrlenW.KERNEL32(?,?,?,00000000), ref: 000E82AA
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: lstrlen
                                                                                                                                                                                                                                                                                                                                                      • String ID: ($|
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1659193697-1631851259
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: aa7272dc7e57cd4be3db246b8b8bf685d19d5dda1d5c1382937029f8a55e3fd6
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 6c49c93b19552786585447d2f1e69e79d99a9592bf134503afdb571d573b0664
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: aa7272dc7e57cd4be3db246b8b8bf685d19d5dda1d5c1382937029f8a55e3fd6
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3A322774A047459FCB28CF69C481A6AB7F0FF48710B15C56EE59AEB3A1EB70E941CB40
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?), ref: 000F5CC1
                                                                                                                                                                                                                                                                                                                                                      • FindNextFileW.KERNEL32(00000000,?), ref: 000F5D17
                                                                                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(?), ref: 000F5D5F
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Find$File$CloseFirstNext
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3541575487-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: c9ee5b42251418e93bb6bfc88c79d6cf5da9ea47d405d502eb28389804fa8068
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 30b520f9fc29017a4ffeb431b355fc8738ab47c36c8c627a2af96ee8cce6fbfb
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c9ee5b42251418e93bb6bfc88c79d6cf5da9ea47d405d502eb28389804fa8068
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A451AE34604A059FD714DF28C894EAAB7E4FF4A314F14855DEA9A8B7A2CB30ED44CF91
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • IsDebuggerPresent.KERNEL32 ref: 000B271A
                                                                                                                                                                                                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 000B2724
                                                                                                                                                                                                                                                                                                                                                      • UnhandledExceptionFilter.KERNEL32(?), ref: 000B2731
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3906539128-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 6289dbf3211835fa16d794a6201ac85ba9169842065b8bed813614465081a0bd
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: c6ad9ed812e481b602aa913715fc71077a028cccb03623977e00e92b8bcb2d59
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6289dbf3211835fa16d794a6201ac85ba9169842065b8bed813614465081a0bd
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E131C47595121C9BCB61DF68DD887D8B7B8AF18310F5041EAE41CA7261EB309F818F45
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000001), ref: 000F51DA
                                                                                                                                                                                                                                                                                                                                                      • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 000F5238
                                                                                                                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000000), ref: 000F52A1
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ErrorMode$DiskFreeSpace
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1682464887-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: dee61d682ac8670ca8c06e3e8efcac062174d587c794a39353368ac535cbb428
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 9d3497f53ff3b57e09adf885ce0e545c76d04ea243919ef0712351007c200daf
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: dee61d682ac8670ca8c06e3e8efcac062174d587c794a39353368ac535cbb428
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EE312975A00518DFDB00EF54D884EADBBB4FF49318F088099E949AB262DB31E855CBA0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0009FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 000A0668
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0009FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 000A0685
                                                                                                                                                                                                                                                                                                                                                      • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 000E170D
                                                                                                                                                                                                                                                                                                                                                      • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 000E173A
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 000E174A
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 577356006-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: def3725f5c8f7a7e0ada73b2e7d2956c4fc670438c004ac7feba74c476917e80
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: bd50199f4395319c68e909c9afdc23a065d63335d653f5f887f61f00b0deec8a
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: def3725f5c8f7a7e0ada73b2e7d2956c4fc670438c004ac7feba74c476917e80
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4D11C1B2414305AFD7189F54DC86DABB7F9EB04714B20852EF09697641EB70BC41CA60
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 000ED608
                                                                                                                                                                                                                                                                                                                                                      • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 000ED645
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 000ED650
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CloseControlCreateDeviceFileHandle
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 33631002-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 2cd839e537be4cd0adbc2622bd71b2d2c7320bcb95f95476843033f65f103c22
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: d5ccf2b1b8c4b73b2d3cfccd45a1f2d672e7f553035ca0efeeaf9ad5a313de1d
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2cd839e537be4cd0adbc2622bd71b2d2c7320bcb95f95476843033f65f103c22
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E2117C71E41228BFDB208F959C44FEFBBBCEB45B50F108112F914E7290C2704A018BE1
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 000E168C
                                                                                                                                                                                                                                                                                                                                                      • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 000E16A1
                                                                                                                                                                                                                                                                                                                                                      • FreeSid.ADVAPI32(?), ref: 000E16B1
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3429775523-0
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?), ref: 000F6918
                                                                                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 000F6961
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2295610775-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00104891,?,?,00000035,?), ref: 000F37E4
                                                                                                                                                                                                                                                                                                                                                      • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00104891,?,?,00000035,?), ref: 000F37F4
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ErrorFormatLastMessage
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3479602957-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 000EB25D
                                                                                                                                                                                                                                                                                                                                                      • keybd_event.USER32(?,75C0C0D0,?,00000000), ref: 000EB270
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: InputSendkeybd_event
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3536248340-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 7562df6da0fd9156caea4750daee0afdea6182b1c3e441710f7f82bd43f5001a
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: bfe74153dfb559b5d2e3446e4f866e353ae5c1f98a4c5b6843c8be15f54bdfaf
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7562df6da0fd9156caea4750daee0afdea6182b1c3e441710f7f82bd43f5001a
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CEF01D7194428EAFDB159FA1C805BEE7BB4FF04305F00800AF955A5191C77986519F94
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,000E11FC), ref: 000E10D4
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,000E11FC), ref: 000E10E9
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: AdjustCloseHandlePrivilegesToken
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 81990902-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 93b323eee562dc7b22e18c224a20f0d66a31ee648693af4170eb6ea0e87f9120
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: cbc48bfbd9a1e3dc157373055d258b2fdcd83ec7f27c90da04d30ee17a16c3df
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 93b323eee562dc7b22e18c224a20f0d66a31ee648693af4170eb6ea0e87f9120
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0CE0BF72058611AFEB252B51FD05EB777E9EB04310B24C82DF5A5804B1DB726CD0EB50
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      • Variable is not of type 'Object'., xrefs: 000D0C40
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                      • String ID: Variable is not of type 'Object'.
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 0-1840281001
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: ed4777df5085b4926a3eace29db136e8e2bff806cef60a5ba9a3096784100e3f
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: bc32cab60c92089540737886ee29e1f655eb767cdeaeb9fd91601d40b2950140
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ed4777df5085b4926a3eace29db136e8e2bff806cef60a5ba9a3096784100e3f
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C3325B70900318DBEF24EF94D881FEDB7B5BF05304F14806AE98AAB292D775AD45CB61
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,000B6766,?,?,00000008,?,?,000BFEFE,00000000), ref: 000B6998
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ExceptionRaise
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3997070919-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 113a30bbf09a4ad5d1c0fd48df550c7b59d2282f195d2bfbeb9d7b37478251aa
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 83323c766bed9c7aa74c7ddfde987c03ae3aff3a6f4c92b9cca622ea4119eaa0
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 113a30bbf09a4ad5d1c0fd48df550c7b59d2282f195d2bfbeb9d7b37478251aa
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A8B14D31510608DFDB55CF28C486BA57BE0FF45364F298658E899CF2A2C73AE991CF40
Strings
Memory Dump Source
• Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
APIs
• BlockInput.USER32(00000001), ref: 000FEABD
Similarity
• API ID: BlockInput
• String ID:
APIs
• SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,000A03EE), ref: 000A09DA
Similarity
• API ID: ExceptionFilterUnhandled
• String ID:
Strings
Similarity
• API ID:
• String ID: 0
Memory Dump Source
• Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
Memory Dump Source
• Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: dc85874da260bbfe538e0d0bf02a09cc3865fdd534188e30b513496e6895ab73
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: a16e4f61193f7f07c2cd369be4eb0591da505365f314b3e08f2b95f532a76fe7
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: dc85874da260bbfe538e0d0bf02a09cc3865fdd534188e30b513496e6895ab73
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0021B7336206158BDB28CF79C8236BE73E5A764310F15862EE4A7C77D1DE39A944DB80
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 00102B30
                                                                                                                                                                                                                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 00102B43
                                                                                                                                                                                                                                                                                                                                                      • DestroyWindow.USER32 ref: 00102B52
                                                                                                                                                                                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 00102B6D
                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(00000000), ref: 00102B74
                                                                                                                                                                                                                                                                                                                                                      • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00102CA3
                                                                                                                                                                                                                                                                                                                                                      • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00102CB1
                                                                                                                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00102CF8
                                                                                                                                                                                                                                                                                                                                                      • GetClientRect.USER32(00000000,?), ref: 00102D04
                                                                                                                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00102D40
                                                                                                                                                                                                                                                                                                                                                      • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00102D62
                                                                                                                                                                                                                                                                                                                                                      • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00102D75
                                                                                                                                                                                                                                                                                                                                                      • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00102D80
                                                                                                                                                                                                                                                                                                                                                      • GlobalLock.KERNEL32(00000000), ref: 00102D89
                                                                                                                                                                                                                                                                                                                                                      • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00102D98
                                                                                                                                                                                                                                                                                                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 00102DA1
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00102DA8
                                                                                                                                                                                                                                                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 00102DB3
                                                                                                                                                                                                                                                                                                                                                      • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00102DC5
                                                                                                                                                                                                                                                                                                                                                      • OleLoadPicture.OLEAUT32(?,00000000,00000000,0011FC38,00000000), ref: 00102DDB
                                                                                                                                                                                                                                                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 00102DEB
                                                                                                                                                                                                                                                                                                                                                      • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00102E11
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00102E30
                                                                                                                                                                                                                                                                                                                                                      • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00102E52
                                                                                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0010303F
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                                                                                                                                                                                                                                                                                      • String ID: $AutoIt v3$DISPLAY$static
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2211948467-2373415609
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: f35d36248564fb7e2e11e64f3ead43f03a36992fb5be77d07252f8c7944ef780
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 7d87ae8d94b2971e40d29b9db82516d5c18f7acf3a3cb0ec2f132f1fa89fdbef
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f35d36248564fb7e2e11e64f3ead43f03a36992fb5be77d07252f8c7944ef780
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D7027B71900215EFDB18DFA4CD89EEE7BB9FB49711F108158F915AB2A1CB70AD41CBA0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SetTextColor.GDI32(?,00000000), ref: 0011712F
                                                                                                                                                                                                                                                                                                                                                      • GetSysColorBrush.USER32(0000000F), ref: 00117160
                                                                                                                                                                                                                                                                                                                                                      • GetSysColor.USER32(0000000F), ref: 0011716C
                                                                                                                                                                                                                                                                                                                                                      • SetBkColor.GDI32(?,000000FF), ref: 00117186
                                                                                                                                                                                                                                                                                                                                                      • SelectObject.GDI32(?,?), ref: 00117195
                                                                                                                                                                                                                                                                                                                                                      • InflateRect.USER32(?,000000FF,000000FF), ref: 001171C0
                                                                                                                                                                                                                                                                                                                                                      • GetSysColor.USER32(00000010), ref: 001171C8
                                                                                                                                                                                                                                                                                                                                                      • CreateSolidBrush.GDI32(00000000), ref: 001171CF
                                                                                                                                                                                                                                                                                                                                                      • FrameRect.USER32(?,?,00000000), ref: 001171DE
                                                                                                                                                                                                                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 001171E5
                                                                                                                                                                                                                                                                                                                                                      • InflateRect.USER32(?,000000FE,000000FE), ref: 00117230
                                                                                                                                                                                                                                                                                                                                                      • FillRect.USER32(?,?,?), ref: 00117262
                                                                                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00117284
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 001173E8: GetSysColor.USER32(00000012), ref: 00117421
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 001173E8: SetTextColor.GDI32(?,?), ref: 00117425
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 001173E8: GetSysColorBrush.USER32(0000000F), ref: 0011743B
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 001173E8: GetSysColor.USER32(0000000F), ref: 00117446
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 001173E8: GetSysColor.USER32(00000011), ref: 00117463
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 001173E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00117471
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 001173E8: SelectObject.GDI32(?,00000000), ref: 00117482
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 001173E8: SetBkColor.GDI32(?,00000000), ref: 0011748B
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 001173E8: SelectObject.GDI32(?,?), ref: 00117498
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 001173E8: InflateRect.USER32(?,000000FF,000000FF), ref: 001174B7
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 001173E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 001174CE
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 001173E8: GetWindowLongW.USER32(00000000,000000F0), ref: 001174DB
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4124339563-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 1060f06d27873f3bc3315bcd0ccbecdba4422868845188a7ec87cc97b817cedd
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 36175e34b3bdb6371fcf73433aa47436e6f0474787b397b953d3591ec48b9cc2
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1060f06d27873f3bc3315bcd0ccbecdba4422868845188a7ec87cc97b817cedd
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0DA1A272148301FFD7099F60DD48A9B7BBAFB89320F104A29F962961E1D770E985CB91
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • DestroyWindow.USER32(?,?), ref: 00098E14
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001308,?,00000000), ref: 000D6AC5
                                                                                                                                                                                                                                                                                                                                                      • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 000D6AFE
                                                                                                                                                                                                                                                                                                                                                      • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 000D6F43
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00098F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00098BE8,?,00000000,?,?,?,?,00098BBA,00000000,?), ref: 00098FC5
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001053), ref: 000D6F7F
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 000D6F96
                                                                                                                                                                                                                                                                                                                                                      • ImageList_Destroy.COMCTL32(00000000,?), ref: 000D6FAC
                                                                                                                                                                                                                                                                                                                                                      • ImageList_Destroy.COMCTL32(00000000,?), ref: 000D6FB7
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                                                                                                                                                                                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2760611726-4108050209
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 46885bfed3c01c9a4285abd7e5c60e8b28437e452499a0669d39429d843321ed
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: daa28dbd54bc9dd04bbfcaf33cb8f4f681810a5fb2a194fa994dd2307b832709
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 46885bfed3c01c9a4285abd7e5c60e8b28437e452499a0669d39429d843321ed
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FC12AA30604301EFDB65CF24D958BAABBE1FB45314F14846AF4958B762CB32EC91DBA1
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • DestroyWindow.USER32(00000000), ref: 0010273E
                                                                                                                                                                                                                                                                                                                                                      • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0010286A
                                                                                                                                                                                                                                                                                                                                                      • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 001028A9
                                                                                                                                                                                                                                                                                                                                                      • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 001028B9
                                                                                                                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00102900
                                                                                                                                                                                                                                                                                                                                                      • GetClientRect.USER32(00000000,?), ref: 0010290C
                                                                                                                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00102955
                                                                                                                                                                                                                                                                                                                                                      • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00102964
                                                                                                                                                                                                                                                                                                                                                      • GetStockObject.GDI32(00000011), ref: 00102974
                                                                                                                                                                                                                                                                                                                                                      • SelectObject.GDI32(00000000,00000000), ref: 00102978
                                                                                                                                                                                                                                                                                                                                                      • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00102988
                                                                                                                                                                                                                                                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00102991
                                                                                                                                                                                                                                                                                                                                                      • DeleteDC.GDI32(00000000), ref: 0010299A
                                                                                                                                                                                                                                                                                                                                                      • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 001029C6
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000030,00000000,00000001), ref: 001029DD
                                                                                                                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00102A1D
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00102A31
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000404,00000001,00000000), ref: 00102A42
                                                                                                                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00102A77
                                                                                                                                                                                                                                                                                                                                                      • GetStockObject.GDI32(00000011), ref: 00102A82
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00102A8D
                                                                                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00102A97
                                                                                                                                                                                                                                                                                                                                                      Strings
Memory Dump Source
• Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
Similarity
• API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
• String ID: AutoIt v3$DISPLAY$msctls_progress32$static
APIs
• SetErrorMode.KERNEL32(00000001), ref: 000F4AED
• GetDriveTypeW.KERNEL32(?,0011CB68,?,\\.\,0011CC08), ref: 000F4BCA
• SetErrorMode.KERNEL32(00000000,0011CB68,?,\\.\,0011CC08), ref: 000F4D36
Strings
Similarity
• API ID: ErrorMode$DriveType
• String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
APIs
• GetSysColor.USER32(00000012), ref: 00117421
• SetTextColor.GDI32(?,?), ref: 00117425
• GetSysColorBrush.USER32(0000000F), ref: 0011743B
• GetSysColor.USER32(0000000F), ref: 00117446
• CreateSolidBrush.GDI32(?), ref: 0011744B
• GetSysColor.USER32(00000011), ref: 00117463
• CreatePen.GDI32(00000000,00000001,00743C00), ref: 00117471
• SelectObject.GDI32(?,00000000), ref: 00117482
• SetBkColor.GDI32(?,00000000), ref: 0011748B
• SelectObject.GDI32(?,?), ref: 00117498
• InflateRect.USER32(?,000000FF,000000FF), ref: 001174B7
• RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 001174CE
• GetWindowLongW.USER32(00000000,000000F0), ref: 001174DB
• SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0011752A
• GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00117554
• InflateRect.USER32(?,000000FD,000000FD), ref: 00117572
• DrawFocusRect.USER32(?,?), ref: 0011757D
• GetSysColor.USER32(00000011), ref: 0011758E
• SetTextColor.GDI32(?,00000000), ref: 00117596
• DrawTextW.USER32(?,001170F5,000000FF,?,00000000), ref: 001175A8
• SelectObject.GDI32(?,?), ref: 001175BF
• DeleteObject.GDI32(?), ref: 001175CA
• SelectObject.GDI32(?,?), ref: 001175D0
• DeleteObject.GDI32(?), ref: 001175D5
• SetTextColor.GDI32(?,?), ref: 001175DB
• SetBkColor.GDI32(?,?), ref: 001175E5
Similarity
• API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
• String ID:
APIs
• GetCursorPos.USER32(?), ref: 00111128
• GetDesktopWindow.USER32 ref: 0011113D
• GetWindowRect.USER32(00000000), ref: 00111144
• GetWindowLongW.USER32(?,000000F0), ref: 00111199
• DestroyWindow.USER32(?), ref: 001111B9
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 001111ED
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0011120B
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 0011121D
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000421,?,?), ref: 00111232
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00111245
                                                                                                                                                                                                                                                                                                                                                      • IsWindowVisible.USER32(00000000), ref: 001112A1
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 001112BC
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 001112D0
                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(00000000,?), ref: 001112E8
                                                                                                                                                                                                                                                                                                                                                      • MonitorFromPoint.USER32(?,?,00000002), ref: 0011130E
                                                                                                                                                                                                                                                                                                                                                      • GetMonitorInfoW.USER32(00000000,?), ref: 00111328
                                                                                                                                                                                                                                                                                                                                                      • CopyRect.USER32(?,?), ref: 0011133F
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000412,00000000), ref: 001113AA
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                                                                                                                                                                                                                                                                                      • String ID: ($0$tooltips_class32
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 698492251-4156429822
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 56be2fd8be522219063b3ee6a8e8154044679cab546b5fc6fa248f84a2c68ba2
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 2f92cbfdcc018d04ab12f6cd3378e90214d8f7734a188fb7d72a6b7ba3384ab2
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 56be2fd8be522219063b3ee6a8e8154044679cab546b5fc6fa248f84a2c68ba2
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9FB17E71604341AFD718DF64C985BAAFBE4FF88750F008928FA999B2A1D771D884CB91
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00098968
                                                                                                                                                                                                                                                                                                                                                      • GetSystemMetrics.USER32(00000007), ref: 00098970
                                                                                                                                                                                                                                                                                                                                                      • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 0009899B
                                                                                                                                                                                                                                                                                                                                                      • GetSystemMetrics.USER32(00000008), ref: 000989A3
                                                                                                                                                                                                                                                                                                                                                      • GetSystemMetrics.USER32(00000004), ref: 000989C8
                                                                                                                                                                                                                                                                                                                                                      • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 000989E5
                                                                                                                                                                                                                                                                                                                                                      • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 000989F5
                                                                                                                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00098A28
                                                                                                                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00098A3C
                                                                                                                                                                                                                                                                                                                                                      • GetClientRect.USER32(00000000,000000FF), ref: 00098A5A
                                                                                                                                                                                                                                                                                                                                                      • GetStockObject.GDI32(00000011), ref: 00098A76
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000030,00000000), ref: 00098A81
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0009912D: GetCursorPos.USER32(?), ref: 00099141
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0009912D: ScreenToClient.USER32(00000000,?), ref: 0009915E
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0009912D: GetAsyncKeyState.USER32(00000001), ref: 00099183
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0009912D: GetAsyncKeyState.USER32(00000002), ref: 0009919D
                                                                                                                                                                                                                                                                                                                                                      • SetTimer.USER32(00000000,00000000,00000028,000990FC), ref: 00098AA8
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                                                                                                                                                                                                                                                                                      • String ID: AutoIt v3 GUI
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1458621304-248962490
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: b308e0d2bfaa4dd9b5e9fae45c0b6a409d9bffe6d8545d1782dbd9538e55d3c9
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: e0233d27e02546bd295d7b76a507aed7621b1ebb95300ee56e934f3a7948849f
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b308e0d2bfaa4dd9b5e9fae45c0b6a409d9bffe6d8545d1782dbd9538e55d3c9
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A1B16C71A4020AEFDF14DF68CD45BEE7BB5BB48315F10822AFA15AB390DB34A841DB51
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000E10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 000E1114
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000E10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,000E0B9B,?,?,?), ref: 000E1120
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000E10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,000E0B9B,?,?,?), ref: 000E112F
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000E10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,000E0B9B,?,?,?), ref: 000E1136
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000E10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 000E114D
                                                                                                                                                                                                                                                                                                                                                      • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 000E0DF5
                                                                                                                                                                                                                                                                                                                                                      • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 000E0E29
                                                                                                                                                                                                                                                                                                                                                      • GetLengthSid.ADVAPI32(?), ref: 000E0E40
                                                                                                                                                                                                                                                                                                                                                      • GetAce.ADVAPI32(?,00000000,?), ref: 000E0E7A
                                                                                                                                                                                                                                                                                                                                                      • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 000E0E96
                                                                                                                                                                                                                                                                                                                                                      • GetLengthSid.ADVAPI32(?), ref: 000E0EAD
                                                                                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000008,00000008), ref: 000E0EB5
                                                                                                                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000), ref: 000E0EBC
                                                                                                                                                                                                                                                                                                                                                      • GetLengthSid.ADVAPI32(?,00000008,?), ref: 000E0EDD
                                                                                                                                                                                                                                                                                                                                                      • CopySid.ADVAPI32(00000000), ref: 000E0EE4
                                                                                                                                                                                                                                                                                                                                                      • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 000E0F13
                                                                                                                                                                                                                                                                                                                                                      • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 000E0F35
                                                                                                                                                                                                                                                                                                                                                      • SetUserObjectSecurity.USER32(?,00000004,?), ref: 000E0F47
                                                                                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 000E0F6E
                                                                                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000), ref: 000E0F75
                                                                                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 000E0F7E
                                                                                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000), ref: 000E0F85
                                                                                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 000E0F8E
                                                                                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000), ref: 000E0F95
                                                                                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,?), ref: 000E0FA1
                                                                                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000), ref: 000E0FA8
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000E1193: GetProcessHeap.KERNEL32(00000008,000E0BB1,?,00000000,?,000E0BB1,?), ref: 000E11A1
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000E1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,000E0BB1,?), ref: 000E11A8
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000E1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,000E0BB1,?), ref: 000E11B7
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4175595110-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0010C4BD
                                                                                                                                                                                                                                                                                                                                                      • RegCreateKeyExW.ADVAPI32(?,?,00000000,0011CC08,00000000,?,00000000,?,?), ref: 0010C544
                                                                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 0010C5A4
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 0010C5F4
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 0010C66F
                                                                                                                                                                                                                                                                                                                                                      • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 0010C6B2
                                                                                                                                                                                                                                                                                                                                                      • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 0010C7C1
                                                                                                                                                                                                                                                                                                                                                      • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 0010C84D
                                                                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 0010C881
                                                                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 0010C88E
                                                                                                                                                                                                                                                                                                                                                      • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 0010C960
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                                                                                                                                                                                                                                                                                                                                      • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 9721498-966354055
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • CharUpperBuffW.USER32(?,?), ref: 001109C6
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00110A01
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00110A54
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00110A8A
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00110B06
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00110B81
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0009F9F2: _wcslen.LIBCMT ref: 0009F9FD
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000E2BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 000E2BFA
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                      • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1103490817-4258414348
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: ed1e2a3588e19ebf900197db5a842085c190682799c47813b73421a1439df5c6
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: f75c5a135cd86b5ad586037d0761b2bb6c3396ec5db1dc5bc460adea178f2278
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ed1e2a3588e19ebf900197db5a842085c190682799c47813b73421a1439df5c6
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CBE1D2356087418FCB19EF24C4509AAB7E1FF88314B15896CF899AB3A2D771EDC5CB81
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                      • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1256254125-909552448
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: d1db21d288d2559b10429d1b6f2c9a8a66d88b11c3fda35375a8f0a1e06d684e
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 73b8db2e50ad646510356ae5aa138134f64a49376bfd588da4cfb279337af2e9
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d1db21d288d2559b10429d1b6f2c9a8a66d88b11c3fda35375a8f0a1e06d684e
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A071033260012A8BCB20DF6CC9515FB3391ABA1790B650724FCD6A72D5F7B0CD448BE0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 0011835A
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 0011836E
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00118391
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 001183B4
                                                                                                                                                                                                                                                                                                                                                      • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 001183F2
                                                                                                                                                                                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(?,00000000,00000032,?,?,00000001,?,?,?,0011361A,?), ref: 0011844E
                                                                                                                                                                                                                                                                                                                                                      • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00118487
                                                                                                                                                                                                                                                                                                                                                      • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 001184CA
                                                                                                                                                                                                                                                                                                                                                      • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00118501
                                                                                                                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?), ref: 0011850D
                                                                                                                                                                                                                                                                                                                                                      • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0011851D
                                                                                                                                                                                                                                                                                                                                                      • DestroyIcon.USER32(?), ref: 0011852C
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00118549
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00118555
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                                                                                                                                                                                                                                                                                                                      • String ID: .dll$.exe$.icl
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 799131459-1154884017
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 88c7e435bb0fd54b95416f5969f3dfe7e6bc6eb4bd02e485856d7092d9d04f50
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 845eaaaefeec52b9eb501f81dfb184f4ef6e548769007e54d74d959da6e1107f
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 88c7e435bb0fd54b95416f5969f3dfe7e6bc6eb4bd02e485856d7092d9d04f50
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F161CF71540215BAEB18DF64CC41BFE77A8FB04B11F108619F915E61D2DFB4E990CBA0
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                      • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 0-1645009161
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 61b767302fafc631ddc819b916fc67ebef04d7e0fd840606f0bce6853fc04b61
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 2889c1bac2eace2893b0a04e6bbebe3682eb7d4fdc651b6ae6454a0413bfb06b
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 61b767302fafc631ddc819b916fc67ebef04d7e0fd840606f0bce6853fc04b61
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4681D271648605BBDB24BF60DC42FEE77A9BF16300F144038F849AA19BEB70D991D7A1
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • CharLowerBuffW.USER32(?,?), ref: 000F3EF8
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 000F3F03
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 000F3F5A
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 000F3F98
                                                                                                                                                                                                                                                                                                                                                      • GetDriveTypeW.KERNEL32(?), ref: 000F3FD6
                                                                                                                                                                                                                                                                                                                                                      • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 000F401E
                                                                                                                                                                                                                                                                                                                                                      • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 000F4059
                                                                                                                                                                                                                                                                                                                                                      • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 000F4087
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: SendString_wcslen$BuffCharDriveLowerType
                                                                                                                                                                                                                                                                                                                                                      • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1839972693-4113822522
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 7c92d980a23604b8cbc64f7088110ac26c7b8066ec5f5a01cbb433707ae54436
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: e2fce1c47ec1eeac5c991152107ba4aa996f06a141822255ea2d5975fbb0df52
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7c92d980a23604b8cbc64f7088110ac26c7b8066ec5f5a01cbb433707ae54436
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8971AD316042069FC310EF24C8809BBB7F4FF95768B10492DFA9697662EB31DE49CB91
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • LoadIconW.USER32(00000063), ref: 000E5A2E
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 000E5A40
                                                                                                                                                                                                                                                                                                                                                      • SetWindowTextW.USER32(?,?), ref: 000E5A57
                                                                                                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,000003EA), ref: 000E5A6C
                                                                                                                                                                                                                                                                                                                                                      • SetWindowTextW.USER32(00000000,?), ref: 000E5A72
                                                                                                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,000003E9), ref: 000E5A82
                                                                                                                                                                                                                                                                                                                                                      • SetWindowTextW.USER32(00000000,?), ref: 000E5A88
                                                                                                                                                                                                                                                                                                                                                      • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 000E5AA9
                                                                                                                                                                                                                                                                                                                                                      • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 000E5AC3
                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 000E5ACC
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 000E5B33
                                                                                                                                                                                                                                                                                                                                                      • SetWindowTextW.USER32(?,?), ref: 000E5B6F
                                                                                                                                                                                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 000E5B75
                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(00000000), ref: 000E5B7C
                                                                                                                                                                                                                                                                                                                                                      • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 000E5BD3
                                                                                                                                                                                                                                                                                                                                                      • GetClientRect.USER32(?,?), ref: 000E5BE0
                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000005,00000000,?), ref: 000E5C05
                                                                                                                                                                                                                                                                                                                                                      • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 000E5C2F
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 895679908-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 3d38eb32614f9e1bf3e17eda1dc982fe43335a3144521806a167f03c7f9f5a47
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 565ee505203a616d82ce43de984bd91c103939c7e0edbe2c41bdac517132e4fc
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3d38eb32614f9e1bf3e17eda1dc982fe43335a3144521806a167f03c7f9f5a47
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B0717E31900B49AFDB24DFA9CE85BAEBBF5FF48709F104918E142B26A0D775E940CB50
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F89), ref: 000FFE27
                                                                                                                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F8A), ref: 000FFE32
                                                                                                                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F00), ref: 000FFE3D
                                                                                                                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F03), ref: 000FFE48
                                                                                                                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F8B), ref: 000FFE53
                                                                                                                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F01), ref: 000FFE5E
                                                                                                                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F81), ref: 000FFE69
                                                                                                                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F88), ref: 000FFE74
                                                                                                                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F80), ref: 000FFE7F
                                                                                                                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F86), ref: 000FFE8A
                                                                                                                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F83), ref: 000FFE95
                                                                                                                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F85), ref: 000FFEA0
                                                                                                                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F82), ref: 000FFEAB
                                                                                                                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F84), ref: 000FFEB6
                                                                                                                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F04), ref: 000FFEC1
                                                                                                                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F02), ref: 000FFECC
                                                                                                                                                                                                                                                                                                                                                      • GetCursorInfo.USER32(?), ref: 000FFEDC
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 000FFF1E
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Cursor$Load$ErrorInfoLast
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3215588206-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: caf632caf5f01007eb8b6d73a6c63df5d87ad5dac546ffad0ffff6a672a22c3d
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 1741418475681e7abd77e47e85c960911e1d4dfc0d5cf78fdcc06d612c01a6f9
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: caf632caf5f01007eb8b6d73a6c63df5d87ad5dac546ffad0ffff6a672a22c3d
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 784153B0D4831AAADB10DFBA8C8586EBFE8FF04354B50453AE11DE7681DB789901CF91
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 000A00C6
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000A00ED: InitializeCriticalSectionAndSpinCount.KERNEL32(0015070C,00000FA0,A7FF296C,?,?,?,?,000C23B3,000000FF), ref: 000A011C
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000A00ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,000C23B3,000000FF), ref: 000A0127
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000A00ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,000C23B3,000000FF), ref: 000A0138
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000A00ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 000A014E
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000A00ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 000A015C
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000A00ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 000A016A
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000A00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 000A0195
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000A00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 000A01A0
                                                                                                                                                                                                                                                                                                                                                      • ___scrt_fastfail.LIBCMT ref: 000A00E7
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000A00A3: __onexit.LIBCMT ref: 000A00A9
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      • api-ms-win-core-synch-l1-2-0.dll, xrefs: 000A0122
                                                                                                                                                                                                                                                                                                                                                      • SleepConditionVariableCS, xrefs: 000A0154
                                                                                                                                                                                                                                                                                                                                                      • InitializeConditionVariable, xrefs: 000A0148
                                                                                                                                                                                                                                                                                                                                                      • kernel32.dll, xrefs: 000A0133
                                                                                                                                                                                                                                                                                                                                                      • WakeAllConditionVariable, xrefs: 000A0162
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                                                                                                                                                                                                                                                                                                      • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 66158676-1714406822
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: bd96d84aa24c0fded895bac9a0b0d502e4569939c83907bacc28a7c8d265c0c4
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: e04e33e06c0b5b3f83afb5756d8652f3c09541da6ea28b068fc824cd7fdc1c54
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bd96d84aa24c0fded895bac9a0b0d502e4569939c83907bacc28a7c8d265c0c4
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9021F932785715ABEB155BE4AD06FE933E4EB4AB51F004139F801D6692DB7498408A90
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
Similarity
• API ID: _wcslen
• String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
• API String ID: 176396367-1603158881
• Opcode ID: a2ea6864f2dd71c9b59f6212861c9489815c5a714763d006e3e5f89fdd2b4d45
• Instruction ID: 335876df9c1b84ae481148ee9a62859602a6fbd54ef4c2fd44f71eb84a63622a
• Opcode Fuzzy Hash: a2ea6864f2dd71c9b59f6212861c9489815c5a714763d006e3e5f89fdd2b4d45
• Instruction Fuzzy Hash: 6BE1E132A00556AFCB289FB9C449BEEFFB5BF44710F548129E456B7281DB30AF858790
APIs
• CharLowerBuffW.USER32(00000000,00000000,0011CC08), ref: 000F4527
• _wcslen.LIBCMT ref: 000F453B
• _wcslen.LIBCMT ref: 000F4599
• _wcslen.LIBCMT ref: 000F45F4
• _wcslen.LIBCMT ref: 000F463F
• _wcslen.LIBCMT ref: 000F46A7
  • Part of subcall function 0009F9F2: _wcslen.LIBCMT ref: 0009F9FD
• GetDriveTypeW.KERNEL32(?,00146BF0,00000061), ref: 000F4743
Strings
Memory Dump Source
• Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
Similarity
• API ID: _wcslen$BuffCharDriveLowerType
• String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
• API String ID: 2055661098-1000479233
• Opcode ID: 28236c6a7553bded3165be2ebd868ecd613bf91183744ee888da233536a722d5
• Instruction ID: 07d3a9b94b400c2f2e12c2afa4623b8eda01d0e3055f535c783c6ac731cd039e
• Opcode Fuzzy Hash: 28236c6a7553bded3165be2ebd868ecd613bf91183744ee888da233536a722d5
• Instruction Fuzzy Hash: C3B101316083029BC710EF28C890ABFB7E5BFA6724F50491DFA96C7692D730D945DB92
APIs
• GetMenuItemCount.USER32(00151990), ref: 000C2F8D
• GetMenuItemCount.USER32(00151990), ref: 000C303D
• GetCursorPos.USER32(?), ref: 000C3081
• SetForegroundWindow.USER32(00000000), ref: 000C308A
• TrackPopupMenuEx.USER32(00151990,00000000,?,00000000,00000000,00000000), ref: 000C309D
• PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 000C30A9
Strings
Similarity
• API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
• String ID: 0
• API String ID: 36266755-4108050209
• Opcode ID: c5702002e2b79835a8e4cad88c4ef883b639eadaf7c3037a42be03f9cf9af72d
• Instruction ID: 496fa8ecec626dd3349a98220279b653de8fcea10637d47d12e1fa48b073cbe4
• Opcode Fuzzy Hash: c5702002e2b79835a8e4cad88c4ef883b639eadaf7c3037a42be03f9cf9af72d
• Instruction Fuzzy Hash: 9E712671644209BEEB359F28CC49FEEBFA5FF01724F20422AF5146A5E1C7B1A950CB90
APIs
• DestroyWindow.USER32(00000000,?), ref: 00116DEB
  • Part of subcall function 00086B57: _wcslen.LIBCMT ref: 00086B6A
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00116E5F
• SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00116E81
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00116E94
• DestroyWindow.USER32(?), ref: 00116EB5
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00080000,00000000), ref: 00116EE4
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00116EFD
• GetDesktopWindow.USER32 ref: 00116F16
• GetWindowRect.USER32(00000000), ref: 00116F1D
• SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00116F35
• SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00116F4D
  • Part of subcall function 00099944: GetWindowLongW.USER32(?,000000EB), ref: 00099952
Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: 0$tooltips_class32
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2429346358-3619404913
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: e5272f5c4b882257727ad17972dc80d900a753a1525618eb67002a946044abc0
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: cd478484915ac3aa94323b73886509651c45dab32e3c5bedceccf461027142b7
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e5272f5c4b882257727ad17972dc80d900a753a1525618eb67002a946044abc0
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 58717670244341AFDB29CF18D858BEABBE9FB89304F04452DF99987261C772A986CB51
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00099BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00099BB2
                                                                                                                                                                                                                                                                                                                                                      • DragQueryPoint.SHELL32(?,?), ref: 00119147
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00117674: ClientToScreen.USER32(?,?), ref: 0011769A
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00117674: GetWindowRect.USER32(?,?), ref: 00117710
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00117674: PtInRect.USER32(?,?,00118B89), ref: 00117720
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000B0,?,?), ref: 001191B0
                                                                                                                                                                                                                                                                                                                                                      • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 001191BB
                                                                                                                                                                                                                                                                                                                                                      • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 001191DE
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00119225
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000B0,?,?), ref: 0011923E
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000B1,?,?), ref: 00119255
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000B1,?,?), ref: 00119277
                                                                                                                                                                                                                                                                                                                                                      • DragFinish.SHELL32(?), ref: 0011927E
                                                                                                                                                                                                                                                                                                                                                      • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00119371
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                                                                                                                                                                                                                                                                                                                                      • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 221274066-3440237614
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 5b202432e82a8870a29655a1ff5d319c2dc5fe8bc2a4612d250554e4ea490989
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 1fbf136a1db9306a7e595fc5bee74c640a2ebc0afa00fc9fc1ca146e2ac1b6cc
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5b202432e82a8870a29655a1ff5d319c2dc5fe8bc2a4612d250554e4ea490989
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 96615771108301AFD705EF64D985DEFBBE8FF89750F00092EF5A5961A1DB309A89CB92
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 000FC4B0
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 000FC4C3
                                                                                                                                                                                                                                                                                                                                                      • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 000FC4D7
                                                                                                                                                                                                                                                                                                                                                      • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 000FC4F0
                                                                                                                                                                                                                                                                                                                                                      • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 000FC533
                                                                                                                                                                                                                                                                                                                                                      • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 000FC549
                                                                                                                                                                                                                                                                                                                                                      • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 000FC554
                                                                                                                                                                                                                                                                                                                                                      • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 000FC584
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 000FC5DC
                                                                                                                                                                                                                                                                                                                                                      • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 000FC5F0
                                                                                                                                                                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 000FC5FB
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3800310941-3916222277
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 297f0f6a1b0860573160bfa54579794688fa9bb473ccd436f1bfeccc73f890c1
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 02c522bb4ba66c95b1ff573af5ed310c3143084fce38024a3ed6288d32a0588c
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 297f0f6a1b0860573160bfa54579794688fa9bb473ccd436f1bfeccc73f890c1
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1E516EB054060CBFEB258F64CA49EBB7BFCFB04754F008419FA4696A50D770E984EBA0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?), ref: 00118592
                                                                                                                                                                                                                                                                                                                                                      • GetFileSize.KERNEL32(00000000,00000000), ref: 001185A2
                                                                                                                                                                                                                                                                                                                                                      • GlobalAlloc.KERNEL32(00000002,00000000), ref: 001185AD
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 001185BA
                                                                                                                                                                                                                                                                                                                                                      • GlobalLock.KERNEL32(00000000), ref: 001185C8
                                                                                                                                                                                                                                                                                                                                                      • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 001185D7
                                                                                                                                                                                                                                                                                                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 001185E0
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 001185E7
                                                                                                                                                                                                                                                                                                                                                      • CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 001185F8
                                                                                                                                                                                                                                                                                                                                                      • OleLoadPicture.OLEAUT32(?,00000000,00000000,0011FC38,?), ref: 00118611
                                                                                                                                                                                                                                                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 00118621
                                                                                                                                                                                                                                                                                                                                                      • GetObjectW.GDI32(?,00000018,000000FF), ref: 00118641
                                                                                                                                                                                                                                                                                                                                                      • CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00118671
                                                                                                                                                                                                                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 00118699
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 001186AF
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3840717409-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: d3aa18ce4b78c79f7496ad0145de389bb1d43c4d000289fed23d23a2745fc0d9
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 885da14b6931242f4e6d80afd3c853cb672cf7a77678d6b29a5189138ba8a01c
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d3aa18ce4b78c79f7496ad0145de389bb1d43c4d000289fed23d23a2745fc0d9
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2E412975640204BFDB199FA5CD48EEA7BBDFF89711F108168F905E7260DB309981CB60
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • VariantInit.OLEAUT32(00000000), ref: 000F1502
                                                                                                                                                                                                                                                                                                                                                      • VariantCopy.OLEAUT32(?,?), ref: 000F150B
                                                                                                                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 000F1517
                                                                                                                                                                                                                                                                                                                                                      • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 000F15FB
                                                                                                                                                                                                                                                                                                                                                      • VarR8FromDec.OLEAUT32(?,?), ref: 000F1657
                                                                                                                                                                                                                                                                                                                                                      • VariantInit.OLEAUT32(?), ref: 000F1708
                                                                                                                                                                                                                                                                                                                                                      • SysFreeString.OLEAUT32(?), ref: 000F178C
                                                                                                                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 000F17D8
                                                                                                                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 000F17E7
                                                                                                                                                                                                                                                                                                                                                      • VariantInit.OLEAUT32(00000000), ref: 000F1823
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
                                                                                                                                                                                                                                                                                                                                                      • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1234038744-3931177956
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 4eb381a8d8e3a8d4e210f08511c39051a2ce4237ae47102f10fe7ace6d610a29
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 4bf9ea734b4c3e4fa5a40c878a792fddd44bed781165714bcd67890388be3f20
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4eb381a8d8e3a8d4e210f08511c39051a2ce4237ae47102f10fe7ace6d610a29
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7FD12231A04A19DBDF14AF64D885BFDB7B6BF45B00F108056F656AB981DB30DC40EBA1
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00089CB3: _wcslen.LIBCMT ref: 00089CBD
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0010C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0010B6AE,?,?), ref: 0010C9B5
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0010C998: _wcslen.LIBCMT ref: 0010C9F1
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0010C998: _wcslen.LIBCMT ref: 0010CA68
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0010C998: _wcslen.LIBCMT ref: 0010CA9E
                                                                                                                                                                                                                                                                                                                                                      • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0010B6F4
                                                                                                                                                                                                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0010B772
                                                                                                                                                                                                                                                                                                                                                      • RegDeleteValueW.ADVAPI32(?,?), ref: 0010B80A
                                                                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 0010B87E
                                                                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 0010B89C
                                                                                                                                                                                                                                                                                                                                                      • LoadLibraryA.KERNEL32(advapi32.dll), ref: 0010B8F2
                                                                                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0010B904
                                                                                                                                                                                                                                                                                                                                                      • RegDeleteKeyW.ADVAPI32(?,?), ref: 0010B922
                                                                                                                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000), ref: 0010B983
                                                                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 0010B994
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                                                                                                                                                                                                                                                                                                                      • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 146587525-4033151799
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: d78a3ceb04ee2e22d4029fa2a6ba02e52ea6d7c6f1d7e3c2d229ec44cacc8b19
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 9fd898a29c40174a43ded377f0e4bf18c0d638a582b66d27333860c957a7cfc6
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d78a3ceb04ee2e22d4029fa2a6ba02e52ea6d7c6f1d7e3c2d229ec44cacc8b19
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7CC17A74208201EFD714EF24C495F6ABBE5BF84308F14859CF59A8B6A2CBB1ED45CB91
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetDC.USER32(00000000), ref: 001025D8
                                                                                                                                                                                                                                                                                                                                                      • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 001025E8
                                                                                                                                                                                                                                                                                                                                                      • CreateCompatibleDC.GDI32(?), ref: 001025F4
                                                                                                                                                                                                                                                                                                                                                      • SelectObject.GDI32(00000000,?), ref: 00102601
                                                                                                                                                                                                                                                                                                                                                      • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 0010266D
                                                                                                                                                                                                                                                                                                                                                      • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 001026AC
                                                                                                                                                                                                                                                                                                                                                      • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 001026D0
                                                                                                                                                                                                                                                                                                                                                      • SelectObject.GDI32(?,?), ref: 001026D8
                                                                                                                                                                                                                                                                                                                                                      • DeleteObject.GDI32(?), ref: 001026E1
                                                                                                                                                                                                                                                                                                                                                      • DeleteDC.GDI32(?), ref: 001026E8
                                                                                                                                                                                                                                                                                                                                                      • ReleaseDC.USER32(00000000,?), ref: 001026F3
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                                                                                                                                                                                                                                                                      • String ID: (
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2598888154-3887548279
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 89faec9082f65a4012e0d435617b428662e5ae775006b08c7a957f09dd1d28a0
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 132fe82fea11367cef6e806a9ca52f43ccec356d8268561cb62fbc211205c99a
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 89faec9082f65a4012e0d435617b428662e5ae775006b08c7a957f09dd1d28a0
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EE61E2B5D00219EFCF08CFA4D988AEEBBB6FF48310F208529E955A7250D771A941CF90
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • ___free_lconv_mon.LIBCMT ref: 000BDAA1
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000BD63C: _free.LIBCMT ref: 000BD659
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000BD63C: _free.LIBCMT ref: 000BD66B
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000BD63C: _free.LIBCMT ref: 000BD67D
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000BD63C: _free.LIBCMT ref: 000BD68F
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000BD63C: _free.LIBCMT ref: 000BD6A1
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000BD63C: _free.LIBCMT ref: 000BD6B3
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000BD63C: _free.LIBCMT ref: 000BD6C5
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000BD63C: _free.LIBCMT ref: 000BD6D7
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000BD63C: _free.LIBCMT ref: 000BD6E9
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000BD63C: _free.LIBCMT ref: 000BD6FB
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000BD63C: _free.LIBCMT ref: 000BD70D
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000BD63C: _free.LIBCMT ref: 000BD71F
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000BD63C: _free.LIBCMT ref: 000BD731
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000BDA96
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000B29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,000BD7D1,00000000,00000000,00000000,00000000,?,000BD7F8,00000000,00000007,00000000,?,000BDBF5,00000000), ref: 000B29DE
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000B29C8: GetLastError.KERNEL32(00000000,?,000BD7D1,00000000,00000000,00000000,00000000,?,000BD7F8,00000000,00000007,00000000,?,000BDBF5,00000000,00000000), ref: 000B29F0
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000BDAB8
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000BDACD
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000BDAD8
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000BDAFA
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000BDB0D
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000BDB1B
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000BDB26
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000BDB5E
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000BDB65
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000BDB82
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000BDB9A
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 161543041-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetClassNameW.USER32(?,?,00000100), ref: 000E369C
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 000E36A7
                                                                                                                                                                                                                                                                                                                                                      • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 000E3797
                                                                                                                                                                                                                                                                                                                                                      • GetClassNameW.USER32(?,?,00000400), ref: 000E380C
                                                                                                                                                                                                                                                                                                                                                      • GetDlgCtrlID.USER32(?), ref: 000E385D
                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 000E3882
                                                                                                                                                                                                                                                                                                                                                      • GetParent.USER32(?), ref: 000E38A0
                                                                                                                                                                                                                                                                                                                                                      • ScreenToClient.USER32(00000000), ref: 000E38A7
                                                                                                                                                                                                                                                                                                                                                      • GetClassNameW.USER32(?,?,00000100), ref: 000E3921
                                                                                                                                                                                                                                                                                                                                                      • GetWindowTextW.USER32(?,?,00000400), ref: 000E395D
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: %s%u
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4010501982-679674701
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetClassNameW.USER32(?,?,00000400), ref: 000E4994
                                                                                                                                                                                                                                                                                                                                                      • GetWindowTextW.USER32(?,?,00000400), ref: 000E49DA
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 000E49EB
                                                                                                                                                                                                                                                                                                                                                      • CharUpperBuffW.USER32(?,00000000), ref: 000E49F7
                                                                                                                                                                                                                                                                                                                                                      • _wcsstr.LIBVCRUNTIME ref: 000E4A2C
                                                                                                                                                                                                                                                                                                                                                      • GetClassNameW.USER32(00000018,?,00000400), ref: 000E4A64
                                                                                                                                                                                                                                                                                                                                                      • GetWindowTextW.USER32(?,?,00000400), ref: 000E4A9D
                                                                                                                                                                                                                                                                                                                                                      • GetClassNameW.USER32(00000018,?,00000400), ref: 000E4AE6
                                                                                                                                                                                                                                                                                                                                                      • GetClassNameW.USER32(?,?,00000400), ref: 000E4B20
                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 000E4B8B
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                                                                                                                                                                                                                                                                                                                      • String ID: ThumbnailClass
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1311036022-1241985126
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0010CC64
                                                                                                                                                                                                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 0010CC8D
                                                                                                                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0010CD48
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0010CC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 0010CCAA
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0010CC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 0010CCBD
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0010CC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0010CCCF
  • Part of subcall function 0010CC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0010CD05
  • Part of subcall function 0010CC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0010CD28
• RegDeleteKeyW.ADVAPI32(?,?), ref: 0010CCF3
Strings
Memory Dump Source
• Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
Similarity
• API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
• String ID: RegDeleteKeyExW$advapi32.dll
• API String ID: 2734957052-4033151799
• Opcode ID: 06a5c96b2217e3aca96a6c23ff3eea84d64c70fab03fa934a1ed757d74ff4cb6
• Instruction ID: dff70d23d94a2d5a1b5ce2b06b554497fa92dbc0e4260f672fced8cbf6009b42
• Opcode Fuzzy Hash: 06a5c96b2217e3aca96a6c23ff3eea84d64c70fab03fa934a1ed757d74ff4cb6
• Instruction Fuzzy Hash: 0E31AE71941129BBDB248B90DD88EFFBB7CEF45740F004265B945E2290DB708E859BE0
APIs
• GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 000F3D40
• _wcslen.LIBCMT ref: 000F3D6D
• CreateDirectoryW.KERNEL32(?,00000000), ref: 000F3D9D
• CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 000F3DBE
• RemoveDirectoryW.KERNEL32(?), ref: 000F3DCE
• DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 000F3E55
• CloseHandle.KERNEL32(00000000), ref: 000F3E60
• CloseHandle.KERNEL32(00000000), ref: 000F3E6B
Strings
Memory Dump Source
• Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
Similarity
• API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
• String ID: :$\$\??\%s
• API String ID: 1149970189-3457252023
• Opcode ID: 608569ce430b1c96bef99f1d2f49e54ec6d2433ac4f7e592aaa933047cf0f508
• Instruction ID: 67b198c23c8ee0886c893fca5fdbab502e879f85d43a728a8f9f8b8e826233d5
• Opcode Fuzzy Hash: 608569ce430b1c96bef99f1d2f49e54ec6d2433ac4f7e592aaa933047cf0f508
• Instruction Fuzzy Hash: 0531D072940219ABDB209FA0DC49FEF37BDEF89750F1040B5F609D2461EB7097848B64
APIs
• timeGetTime.WINMM ref: 000EE6B4
  • Part of subcall function 0009E551: timeGetTime.WINMM(?,?,000EE6D4), ref: 0009E555
• Sleep.KERNEL32(0000000A), ref: 000EE6E1
• EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 000EE705
• FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 000EE727
• SetActiveWindow.USER32 ref: 000EE746
• SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 000EE754
• SendMessageW.USER32(00000010,00000000,00000000), ref: 000EE773
• Sleep.KERNEL32(000000FA), ref: 000EE77E
• IsWindow.USER32 ref: 000EE78A
• EndDialog.USER32(00000000), ref: 000EE79B
Strings
Memory Dump Source
• Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
Similarity
• API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
• String ID: BUTTON
• API String ID: 1194449130-3405671355
• Opcode ID: a538359f5d68b860ebe2f137fb043691e2f00e68da96b9937ea79088c565d8c4
• Instruction ID: 11203651bfb37206ecd6d2f814a87df7e7189a84c1baed9b699cb793288ae66f
• Opcode Fuzzy Hash: a538359f5d68b860ebe2f137fb043691e2f00e68da96b9937ea79088c565d8c4
• Instruction Fuzzy Hash: B121F6712403C9FFEB005F21ED89B693BAAF75534AF104424F805A6AB1DB719C80CA54
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00089CB3: _wcslen.LIBCMT ref: 00089CBD
                                                                                                                                                                                                                                                                                                                                                      • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 000EEA5D
                                                                                                                                                                                                                                                                                                                                                      • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 000EEA73
                                                                                                                                                                                                                                                                                                                                                      • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 000EEA84
                                                                                                                                                                                                                                                                                                                                                      • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 000EEA96
                                                                                                                                                                                                                                                                                                                                                      • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 000EEAA7
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: SendString$_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2420728520-1007645807
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: c951f403eb900da9d7734d1af0359668200b529546b3f056547a723ad26873d6
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 3ab5d6ab87f3bb9e8fd71c9fecb07829e51888ca7c9d3a1aa4ac33530db12671
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c951f403eb900da9d7734d1af0359668200b529546b3f056547a723ad26873d6
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 311154316502997DD720B762DC4ADFF6ABCFBD2B18F440439B441A20E1EFB01A45C6B2
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,00000001), ref: 000E5CE2
                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(00000000,?), ref: 000E5CFB
                                                                                                                                                                                                                                                                                                                                                      • MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 000E5D59
                                                                                                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,00000002), ref: 000E5D69
                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(00000000,?), ref: 000E5D7B
                                                                                                                                                                                                                                                                                                                                                      • MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 000E5DCF
                                                                                                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,000003E9), ref: 000E5DDD
                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(00000000,?), ref: 000E5DEF
                                                                                                                                                                                                                                                                                                                                                      • MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 000E5E31
                                                                                                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,000003EA), ref: 000E5E44
                                                                                                                                                                                                                                                                                                                                                      • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 000E5E5A
                                                                                                                                                                                                                                                                                                                                                      • InvalidateRect.USER32(?,00000000,00000001), ref: 000E5E67
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$ItemMoveRect$Invalidate
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3096461208-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 2a76609f1b5fde693362d8452cd8d80e422f29a4db2414a23a67f844b3dce6ec
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: b2adb2cf596ad9c22ad5c327eac706c6522970354eca6d6a8e522c33badf7e59
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2a76609f1b5fde693362d8452cd8d80e422f29a4db2414a23a67f844b3dce6ec
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8D512D70A40605AFDB18CF69CE89AAEBBF5FB48305F108529F515E7690D7709E40CB90
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00098F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00098BE8,?,00000000,?,?,?,?,00098BBA,00000000,?), ref: 00098FC5
                                                                                                                                                                                                                                                                                                                                                      • DestroyWindow.USER32(?), ref: 00098C81
                                                                                                                                                                                                                                                                                                                                                      • KillTimer.USER32(00000000,?,?,?,?,00098BBA,00000000,?), ref: 00098D1B
                                                                                                                                                                                                                                                                                                                                                      • DestroyAcceleratorTable.USER32(00000000), ref: 000D6973
                                                                                                                                                                                                                                                                                                                                                      • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00098BBA,00000000,?), ref: 000D69A1
                                                                                                                                                                                                                                                                                                                                                      • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00098BBA,00000000,?), ref: 000D69B8
                                                                                                                                                                                                                                                                                                                                                      • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00098BBA,00000000), ref: 000D69D4
                                                                                                                                                                                                                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 000D69E6
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 641708696-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 98eafee910fedb6295ccfbcdba9f219a29a6eb6a8571f0bd4315fa2943d62b90
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: f985b1984c7d317278e3fb98688bbd27da181b2bf626fa1ed82b84f3aef0e185
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 98eafee910fedb6295ccfbcdba9f219a29a6eb6a8571f0bd4315fa2943d62b90
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FB615B70502700EFCF769F14DA58B69B7F1FB45316F14851DE0429AA60CB72A9C0EFA1
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00099944: GetWindowLongW.USER32(?,000000EB), ref: 00099952
                                                                                                                                                                                                                                                                                                                                                      • GetSysColor.USER32(0000000F), ref: 00099862
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ColorLongWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 259745315-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 23a503fde5270c85e393e4b1a85d8b654588d3825197ab428427714857cb8a01
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: e745cd6399ed400301e99e219722f3c87235c159feb75ac0380c95277358a87c
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 23a503fde5270c85e393e4b1a85d8b654588d3825197ab428427714857cb8a01
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4B418131144640EFDF245F3C9C84BBA3BA5AB46331F14461DF9A6872E1EB719C81EB61
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                      • String ID: .
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 0-1232320464
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 65fe5247346b6f68ac69624201867ef671cb9d69b0d8d91a6fd0c28ae57f7e03
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: bccbfa83ba910b797bc3f2613f1237d54833f5abb7ef5fda3c4497db58b2f1a8
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 65fe5247346b6f68ac69624201867ef671cb9d69b0d8d91a6fd0c28ae57f7e03
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 14C1C274904349AFDB61EFE8D845BFDBBF4AF09310F148199E915AB392CB309941CB61
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,000CF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 000E9717
                                                                                                                                                                                                                                                                                                                                                      • LoadStringW.USER32(00000000,?,000CF7F8,00000001), ref: 000E9720
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00089CB3: _wcslen.LIBCMT ref: 00089CBD
                                                                                                                                                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,000CF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 000E9742
                                                                                                                                                                                                                                                                                                                                                      • LoadStringW.USER32(00000000,?,000CF7F8,00000001), ref: 000E9745
                                                                                                                                                                                                                                                                                                                                                      • MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 000E9866
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: HandleLoadModuleString$Message_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 747408836-2268648507
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 5b0dd6763f04f0658c19273026b5f5872bd111780d2584e560bd74a9bc19326c
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 4e494416b4942397d86e9b1323065caaa5cfdb53c648486cca47217c15c6556d
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5b0dd6763f04f0658c19273026b5f5872bd111780d2584e560bd74a9bc19326c
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 33411972900219AACF04FBE0CE86EEEB778AF55740F540065F645720A3EB356F49CBA1
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00086B57: _wcslen.LIBCMT ref: 00086B6A
                                                                                                                                                                                                                                                                                                                                                      • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 000E07A2
                                                                                                                                                                                                                                                                                                                                                      • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 000E07BE
                                                                                                                                                                                                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 000E07DA
                                                                                                                                                                                                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 000E0804
                                                                                                                                                                                                                                                                                                                                                      • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 000E082C
                                                                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 000E0837
                                                                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 000E083C
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 323675364-22481851
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: d236a91b7d11bea7027ea9f9663806956ce553344742bfb4456550e2923c539b
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: fd461b05e57dc815805dcf50d7c61121f9e30f34b5360f62af91491b8882a3c5
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d236a91b7d11bea7027ea9f9663806956ce553344742bfb4456550e2923c539b
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C2411572D10229AFDF15EBA4DC858EDB7B8BF54750B044129E941B3162EB709E44CBA0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • VariantInit.OLEAUT32(?), ref: 00103C5C
                                                                                                                                                                                                                                                                                                                                                      • CoInitialize.OLE32(00000000), ref: 00103C8A
                                                                                                                                                                                                                                                                                                                                                      • CoUninitialize.OLE32 ref: 00103C94
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00103D2D
                                                                                                                                                                                                                                                                                                                                                      • GetRunningObjectTable.OLE32(00000000,?), ref: 00103DB1
                                                                                                                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000001,00000029), ref: 00103ED5
                                                                                                                                                                                                                                                                                                                                                      • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00103F0E
                                                                                                                                                                                                                                                                                                                                                      • CoGetObject.OLE32(?,00000000,0011FB98,?), ref: 00103F2D
                                                                                                                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000000), ref: 00103F40
                                                                                                                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00103FC4
                                                                                                                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 00103FD8
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 429561992-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 988b151f41c3fcd41369f3d4438cd8eeb72e826d859c14197c162fcfdb87983b
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 71a1bbeb04f90adc4635586993841fdf351417ceb727ab3dc52da51954003d8c
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 988b151f41c3fcd41369f3d4438cd8eeb72e826d859c14197c162fcfdb87983b
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 84C177716083019FC704DF68C98496BB7E9FF89744F00491DF99A9B291D770EE46CB92
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • CoInitialize.OLE32(00000000), ref: 000F7AF3
                                                                                                                                                                                                                                                                                                                                                      • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 000F7B8F
                                                                                                                                                                                                                                                                                                                                                      • SHGetDesktopFolder.SHELL32(?), ref: 000F7BA3
                                                                                                                                                                                                                                                                                                                                                      • CoCreateInstance.OLE32(0011FD08,00000000,00000001,00146E6C,?), ref: 000F7BEF
                                                                                                                                                                                                                                                                                                                                                      • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 000F7C74
                                                                                                                                                                                                                                                                                                                                                      • CoTaskMemFree.OLE32(?,?), ref: 000F7CCC
                                                                                                                                                                                                                                                                                                                                                      • SHBrowseForFolderW.SHELL32(?), ref: 000F7D57
                                                                                                                                                                                                                                                                                                                                                      • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 000F7D7A
                                                                                                                                                                                                                                                                                                                                                      • CoTaskMemFree.OLE32(00000000), ref: 000F7D81
                                                                                                                                                                                                                                                                                                                                                      • CoTaskMemFree.OLE32(00000000), ref: 000F7DD6
                                                                                                                                                                                                                                                                                                                                                      • CoUninitialize.OLE32 ref: 000F7DDC
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2762341140-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 0610dcef05e6e4c7561197e41ccc7aa06ef6b8a333752e98be41ccb6d32748b9
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 3c65e065be0275bc2989d9968edba9e6a8fed908872e17a75d07464664eda181
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0610dcef05e6e4c7561197e41ccc7aa06ef6b8a333752e98be41ccb6d32748b9
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9FC12C75A04109AFCB14DFA4C884DAEBBF9FF49304B148499E919DB762D731EE41CB90
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00115504
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00115515
                                                                                                                                                                                                                                                                                                                                                      • CharNextW.USER32(00000158), ref: 00115544
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00115585
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 0011559B
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 001155AC
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend$CharNext
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1350042424-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 9e56aa7fa2e94a1ba441c7768f182c04865846d4944093789cb7c90245414627
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 583326cb8923ca9fddc221e9a3362c50d4bda20f135c0b73867c836d04d08aeb
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9e56aa7fa2e94a1ba441c7768f182c04865846d4944093789cb7c90245414627
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 19619230900608EFDF189F54CD849FE7BBAEB49725F108165F525AB691E7708AC0DBA1
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 000DFAAF
                                                                                                                                                                                                                                                                                                                                                      • SafeArrayAllocData.OLEAUT32(?), ref: 000DFB08
                                                                                                                                                                                                                                                                                                                                                      • VariantInit.OLEAUT32(?), ref: 000DFB1A
                                                                                                                                                                                                                                                                                                                                                      • SafeArrayAccessData.OLEAUT32(?,?), ref: 000DFB3A
                                                                                                                                                                                                                                                                                                                                                      • VariantCopy.OLEAUT32(?,?), ref: 000DFB8D
                                                                                                                                                                                                                                                                                                                                                      • SafeArrayUnaccessData.OLEAUT32(?), ref: 000DFBA1
                                                                                                                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 000DFBB6
                                                                                                                                                                                                                                                                                                                                                      • SafeArrayDestroyData.OLEAUT32(?), ref: 000DFBC3
                                                                                                                                                                                                                                                                                                                                                      • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 000DFBCC
                                                                                                                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 000DFBDE
                                                                                                                                                                                                                                                                                                                                                      • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 000DFBE9
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2706829360-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 815171271f31a6271f5c153650327f05ac64d9a8a2040ec7e8eda75106dde9cc
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: b6a96130a44ca0081583d616164517231dad5052447a3e27a991d0f5429aaaf6
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 815171271f31a6271f5c153650327f05ac64d9a8a2040ec7e8eda75106dde9cc
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 53416F35A0421A9FDB04DFA8D8549FEBBB9FF08354F00C06AF946A7761C730A945CBA0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetKeyboardState.USER32(?), ref: 000E9CA1
                                                                                                                                                                                                                                                                                                                                                      • GetAsyncKeyState.USER32(000000A0), ref: 000E9D22
                                                                                                                                                                                                                                                                                                                                                      • GetKeyState.USER32(000000A0), ref: 000E9D3D
                                                                                                                                                                                                                                                                                                                                                      • GetAsyncKeyState.USER32(000000A1), ref: 000E9D57
                                                                                                                                                                                                                                                                                                                                                      • GetKeyState.USER32(000000A1), ref: 000E9D6C
                                                                                                                                                                                                                                                                                                                                                      • GetAsyncKeyState.USER32(00000011), ref: 000E9D84
                                                                                                                                                                                                                                                                                                                                                      • GetKeyState.USER32(00000011), ref: 000E9D96
                                                                                                                                                                                                                                                                                                                                                      • GetAsyncKeyState.USER32(00000012), ref: 000E9DAE
                                                                                                                                                                                                                                                                                                                                                      • GetKeyState.USER32(00000012), ref: 000E9DC0
                                                                                                                                                                                                                                                                                                                                                      • GetAsyncKeyState.USER32(0000005B), ref: 000E9DD8
                                                                                                                                                                                                                                                                                                                                                      • GetKeyState.USER32(0000005B), ref: 000E9DEA
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: State$Async$Keyboard
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 541375521-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 056198ea45e518c1ca89f38a71845be72f69e82f3683f513dcb0c2e32c175beb
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 57a35c3a01483a9036357490312f119b7a97b11f66343e8fab2d238406f079b9
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 056198ea45e518c1ca89f38a71845be72f69e82f3683f513dcb0c2e32c175beb
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5641F8346087DA6DFFB4976288043F5FEE16F11344F08805ADAC6766C2DBE499C8C7A2
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • WSAStartup.WSOCK32(00000101,?), ref: 001005BC
                                                                                                                                                                                                                                                                                                                                                      • inet_addr.WSOCK32(?), ref: 0010061C
                                                                                                                                                                                                                                                                                                                                                      • gethostbyname.WSOCK32(?), ref: 00100628
                                                                                                                                                                                                                                                                                                                                                      • IcmpCreateFile.IPHLPAPI ref: 00100636
                                                                                                                                                                                                                                                                                                                                                      • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 001006C6
                                                                                                                                                                                                                                                                                                                                                      • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 001006E5
                                                                                                                                                                                                                                                                                                                                                      • IcmpCloseHandle.IPHLPAPI(?), ref: 001007B9
                                                                                                                                                                                                                                                                                                                                                      • WSACleanup.WSOCK32 ref: 001007BF
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                                                                                                                                                                                                                                                                                                      • String ID: Ping
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1028309954-2246546115
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _wcslen$BuffCharLower
                                                                                                                                                                                                                                                                                                                                                      • String ID: cdecl$none$stdcall$winapi
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 707087890-567219261
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • CoInitialize.OLE32 ref: 00103774
                                                                                                                                                                                                                                                                                                                                                      • CoUninitialize.OLE32 ref: 0010377F
                                                                                                                                                                                                                                                                                                                                                      • CoCreateInstance.OLE32(?,00000000,00000017,0011FB78,?), ref: 001037D9
                                                                                                                                                                                                                                                                                                                                                      • IIDFromString.OLE32(?,?), ref: 0010384C
                                                                                                                                                                                                                                                                                                                                                      • VariantInit.OLEAUT32(?), ref: 001038E4
                                                                                                                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 00103936
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                                                                                                                                                                                                                                                                                                      • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 636576611-1287834457
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetLocalTime.KERNEL32(?), ref: 000F8257
                                                                                                                                                                                                                                                                                                                                                      • SystemTimeToFileTime.KERNEL32(?,?), ref: 000F8267
                                                                                                                                                                                                                                                                                                                                                      • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 000F8273
                                                                                                                                                                                                                                                                                                                                                      • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 000F8310
                                                                                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 000F8324
                                                                                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 000F8356
                                                                                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 000F838C
                                                                                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 000F8395
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CurrentDirectoryTime$File$Local$System
                                                                                                                                                                                                                                                                                                                                                      • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1464919966-438819550
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: d373c34943de4eb4041fbed0dbc1c2d03a8a003b6003befa82bfb586250c8cd6
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 825b0f46c9c904956406500ec7c4c69c16ae69dd290c5f57fdb09389ca57f43b
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d373c34943de4eb4041fbed0dbc1c2d03a8a003b6003befa82bfb586250c8cd6
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A0618CB25047499FC710EF60C8449EEB3E8FF89314F04892EFA9997652DB31E945CB92
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • LoadStringW.USER32(00000066,?,00000FFF,?), ref: 000F33CF
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00089CB3: _wcslen.LIBCMT ref: 00089CBD
                                                                                                                                                                                                                                                                                                                                                      • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 000F33F0
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: LoadString$_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4099089115-3080491070
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 6c6aca7cef982f14c1ae75ab17cdb60dc3d3a4249a0a3f34d8d43082c6513077
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 2bae7c88a797850b77685aa08319c9503beb4cefcfb56419a35f144e7cb0f9b0
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6c6aca7cef982f14c1ae75ab17cdb60dc3d3a4249a0a3f34d8d43082c6513077
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D251887290020AAADF15FBA0CD46EFEB3B8BF14750F244065F505720A2EB252F98DB61
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                      • String ID: APPEND$EXISTS$KEYS$REMOVE
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1256254125-769500911
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 6d53962ca0ca93027efe864eebf950c7a1a19651e1f91a586567dd4913016eda
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: f6d0bc16a5abc4eaa233111b31cf5b8b703b8981cac5abfcd8de481b8919b525
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6d53962ca0ca93027efe864eebf950c7a1a19651e1f91a586567dd4913016eda
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CD410832A000679ECB606F7E89905BFB7E5BFA1754B254129E461F7284E739CD81C790
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000001), ref: 000F53A0
                                                                                                                                                                                                                                                                                                                                                      • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 000F5416
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 000F5420
                                                                                                                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000000,READY), ref: 000F54A7
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Error$Mode$DiskFreeLastSpace
                                                                                                                                                                                                                                                                                                                                                      • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4194297153-14809454
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: a987cd8e79de791b7c4751b6cc55a6b14493e886f58ea3655fe34b8e19935191
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: e9513524b15c5fcc0be446b2fec18169ab5c036528734c1938a41c861309998a
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a987cd8e79de791b7c4751b6cc55a6b14493e886f58ea3655fe34b8e19935191
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1F31C235A006089FC710DF68C984AFABBF4FF0530AF148069E605DB662D730ED82DBA1
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • CreateMenu.USER32 ref: 00113C79
                                                                                                                                                                                                                                                                                                                                                      • SetMenu.USER32(?,00000000), ref: 00113C88
                                                                                                                                                                                                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00113D10
                                                                                                                                                                                                                                                                                                                                                      • IsMenu.USER32(?), ref: 00113D24
                                                                                                                                                                                                                                                                                                                                                      • CreatePopupMenu.USER32 ref: 00113D2E
                                                                                                                                                                                                                                                                                                                                                      • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00113D5B
                                                                                                                                                                                                                                                                                                                                                      • DrawMenuBar.USER32 ref: 00113D63
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                                                                                                                                                                                                                                                                                                      • String ID: 0$F
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 161812096-3044882817
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 39735f68c82f4556a89efbae1b9fa109cbe9963928b679c130bbd38c1747fc3d
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 5b4bc86ed256d60ccfbaccb791f3e432c0f98d91282e23d125fc37cb289aa68f
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 39735f68c82f4556a89efbae1b9fa109cbe9963928b679c130bbd38c1747fc3d
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E6418879A01609EFDF18CFA4E844BEA7BB6FF49314F144029E956A7360D730AA50CF90
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00089CB3: _wcslen.LIBCMT ref: 00089CBD
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000E3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 000E3CCA
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 000E1F64
                                                                                                                                                                                                                                                                                                                                                      • GetDlgCtrlID.USER32 ref: 000E1F6F
                                                                                                                                                                                                                                                                                                                                                      • GetParent.USER32 ref: 000E1F8B
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,?,00000111,?), ref: 000E1F8E
                                                                                                                                                                                                                                                                                                                                                      • GetDlgCtrlID.USER32(?), ref: 000E1F97
                                                                                                                                                                                                                                                                                                                                                      • GetParent.USER32(?), ref: 000E1FAB
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,?,00000111,?), ref: 000E1FAE
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 711023334-1403004172
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: be8a6dfdcc9ee10fd5d35c1befd8f3664827cb26bc4e39c2e69a3e54eb867970
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 0b743ffd7e3f4e977dc9fc9290f56bcc7d22f0aaf0acc872ca5cbca34f3b7177
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: be8a6dfdcc9ee10fd5d35c1befd8f3664827cb26bc4e39c2e69a3e54eb867970
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1421CF70940218BFCF04AFA1CC85DFEBBB9EF05350B104125F961A72A2DB359948DBA0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00113A9D
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00113AA0
                                                                                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00113AC7
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00113AEA
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00113B62
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00113BAC
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00113BC7
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00113BE2
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00113BF6
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00113C13
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend$LongWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 312131281-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 13ae93ac6af49ecf557495c1fd21206ddffc43d7944127833cce79b795912bcf
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 66c4dda7db6cfd061279488b6b13cf53bb272032d716dfd7916449c81e495edd
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 13ae93ac6af49ecf557495c1fd21206ddffc43d7944127833cce79b795912bcf
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 96618D75900208EFDB15DF68CC81FEE77B8EB09714F10406AFA25AB291D770AE85DB50
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 000EB151
                                                                                                                                                                                                                                                                                                                                                      • GetForegroundWindow.USER32(00000000,?,?,?,?,?,000EA1E1,?,00000001), ref: 000EB165
                                                                                                                                                                                                                                                                                                                                                      • GetWindowThreadProcessId.USER32(00000000), ref: 000EB16C
                                                                                                                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,000EA1E1,?,00000001), ref: 000EB17B
                                                                                                                                                                                                                                                                                                                                                      • GetWindowThreadProcessId.USER32(?,00000000), ref: 000EB18D
                                                                                                                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,000EA1E1,?,00000001), ref: 000EB1A6
                                                                                                                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,000EA1E1,?,00000001), ref: 000EB1B8
                                                                                                                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,000EA1E1,?,00000001), ref: 000EB1FD
                                                                                                                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,000EA1E1,?,00000001), ref: 000EB212
                                                                                                                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,000EA1E1,?,00000001), ref: 000EB21D
Memory Dump Source
• Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2156557900-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000B2C94
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000B29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,000BD7D1,00000000,00000000,00000000,00000000,?,000BD7F8,00000000,00000007,00000000,?,000BDBF5,00000000), ref: 000B29DE
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000B29C8: GetLastError.KERNEL32(00000000,?,000BD7D1,00000000,00000000,00000000,00000000,?,000BD7F8,00000000,00000007,00000000,?,000BDBF5,00000000,00000000), ref: 000B29F0
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000B2CA0
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000B2CAB
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000B2CB6
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000B2CC1
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000B2CCC
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000B2CD7
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000B2CE2
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000B2CED
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000B2CFB
Memory Dump Source
• Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 000F7FAD
                                                                                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 000F7FC1
                                                                                                                                                                                                                                                                                                                                                      • GetFileAttributesW.KERNEL32(?), ref: 000F7FEB
                                                                                                                                                                                                                                                                                                                                                      • SetFileAttributesW.KERNEL32(?,00000000), ref: 000F8005
                                                                                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 000F8017
                                                                                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 000F8060
                                                                                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 000F80B0
                                                                                                                                                                                                                                                                                                                                                      Strings
Memory Dump Source
• Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CurrentDirectory$AttributesFile
                                                                                                                                                                                                                                                                                                                                                      • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 769691225-438819550
APIs
• SetWindowLongW.USER32(?,000000EB), ref: 00085C7A
  • Part of subcall function 00085D0A: GetClientRect.USER32(?,?), ref: 00085D30
  • Part of subcall function 00085D0A: GetWindowRect.USER32(?,?), ref: 00085D71
  • Part of subcall function 00085D0A: ScreenToClient.USER32(?,?), ref: 00085D99
• GetDC.USER32 ref: 000C46F5
• SendMessageW.USER32(?,00000031,00000000,00000000), ref: 000C4708
• SelectObject.GDI32(00000000,00000000), ref: 000C4716
• SelectObject.GDI32(00000000,00000000), ref: 000C472B
• ReleaseDC.USER32(?,00000000), ref: 000C4733
• MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 000C47C4
Strings
Memory Dump Source
• Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
Similarity
• API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
• String ID: U
• API String ID: 4009187628-3372436214
APIs
• LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 000F35E4
  • Part of subcall function 00089CB3: _wcslen.LIBCMT ref: 00089CBD
• LoadStringW.USER32(00152390,?,00000FFF,?), ref: 000F360A
Strings
Similarity
• API ID: LoadString$_wcslen
• String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
• API String ID: 4099089115-2391861430
APIs
• InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 000FC272
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 000FC29A
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 000FC2CA
• GetLastError.KERNEL32 ref: 000FC322
• SetEvent.KERNEL32(?), ref: 000FC336
• InternetCloseHandle.WININET(00000000), ref: 000FC341
Strings
Similarity
• API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
• String ID:
• API String ID: 3113390036-3916222277
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,000C3AAF,?,?,Bad directive syntax error,0011CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 000E98BC
                                                                                                                                                                                                                                                                                                                                                      • LoadStringW.USER32(00000000,?,000C3AAF,?), ref: 000E98C3
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00089CB3: _wcslen.LIBCMT ref: 00089CBD
                                                                                                                                                                                                                                                                                                                                                      • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 000E9987
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: HandleLoadMessageModuleString_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 858772685-4153970271
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 41bc0a63a22f11df92bd64d73001007519ad3c9c4b45435c62879a1c6e841a9a
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 005c47fd44012da5ee622a801ccd2f7154ab4167ca5561d4f55c061bec4273d8
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 41bc0a63a22f11df92bd64d73001007519ad3c9c4b45435c62879a1c6e841a9a
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DC21683294021AABCF15BF90CC0AEEE7779BF19704F084429F515720A3EB719A68DB51
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetParent.USER32 ref: 000E20AB
                                                                                                                                                                                                                                                                                                                                                      • GetClassNameW.USER32(00000000,?,00000100), ref: 000E20C0
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 000E214D
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ClassMessageNameParentSend
                                                                                                                                                                                                                                                                                                                                                      • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1290815626-3381328864
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 3219ab8b4d67d2cb5f8af4776598baaf9daed62b5a16cb045180735bc6db8a3a
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 6cc4a9262bd5c220efa8ddf009467fa5873769a6497a11018cd4e540b5ab0ad1
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3219ab8b4d67d2cb5f8af4776598baaf9daed62b5a16cb045180735bc6db8a3a
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1211027A6C8706BEFB152221EC06DEA379DDB26324B200056FB04B50F3FBA1A9425654
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1282221369-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: d2ea2ed1738cbb56034f2f5636c665b79a8e4190265f1953bfbfcd30bd362bfb
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 68e67b466f5e2e10e4caebc0b908553f06a797d383fbb131bbebf9e2314a0f5c
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d2ea2ed1738cbb56034f2f5636c665b79a8e4190265f1953bfbfcd30bd362bfb
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6761E571904302EBEB61AFF49885AFEBBE5EF05350F0445BEF945AB282E6319E418750
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00115186
                                                                                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(?,00000000), ref: 001151C7
                                                                                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(?,00000005,?,00000000), ref: 001151CD
                                                                                                                                                                                                                                                                                                                                                      • SetFocus.USER32(?,?,00000005,?,00000000), ref: 001151D1
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00116FBA: DeleteObject.GDI32(00000000), ref: 00116FE6
                                                                                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 0011520D
                                                                                                                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000F0,00000000), ref: 0011521A
                                                                                                                                                                                                                                                                                                                                                      • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 0011524D
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00115287
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00115296
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3210457359-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 182f40e234fc9046c0a54cac0770b64e967680432f5eec97b8ab77b41cd77408
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: e9963dc50047c0d46aeae2c4197b12c6ba4667f9031e15861a97be9f5ce63df7
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 182f40e234fc9046c0a54cac0770b64e967680432f5eec97b8ab77b41cd77408
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9151B131A90A08FEEF2D9F24CC49BD83B67FB85365F148125F615962E1C7B5A9C0DB40
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 000D6890
                                                                                                                                                                                                                                                                                                                                                      • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 000D68A9
                                                                                                                                                                                                                                                                                                                                                      • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 000D68B9
                                                                                                                                                                                                                                                                                                                                                      • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 000D68D1
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 000D68F2
                                                                                                                                                                                                                                                                                                                                                      • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00098874,00000000,00000000,00000000,000000FF,00000000), ref: 000D6901
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 000D691E
                                                                                                                                                                                                                                                                                                                                                      • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00098874,00000000,00000000,00000000,000000FF,00000000), ref: 000D692D
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1268354404-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: b4b1a034f0f096bebd24f979536cf499c232c5c6512c66d0ff7e9a9a56e99966
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 91f630aa919431a5e0411f7eb9c751ad2529e5b37a0c72160d73b7ea3e0df155
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b4b1a034f0f096bebd24f979536cf499c232c5c6512c66d0ff7e9a9a56e99966
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 98517770600309EFDF24CF24CC55BAA7BF6EB48754F148519F912976A0DB71E990EB90
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 000FC182
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 000FC195
                                                                                                                                                                                                                                                                                                                                                      • SetEvent.KERNEL32(?), ref: 000FC1A9
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000FC253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 000FC272
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000FC253: GetLastError.KERNEL32 ref: 000FC322
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000FC253: SetEvent.KERNEL32(?), ref: 000FC336
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000FC253: InternetCloseHandle.WININET(00000000), ref: 000FC341
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 337547030-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 65b917423d7c322fa1b3ce64568c9cbda26021f4a6c5f7047aeb3b33461a502a
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 9c8560c924dd6aeffe764acc299035ab39c93409f823f15ccb0195c879d66dc1
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 65b917423d7c322fa1b3ce64568c9cbda26021f4a6c5f7047aeb3b33461a502a
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C531B27114060DAFEB659FA5DE45EBABBF8FF58300B04841DFA5682A11D730E854EBA0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000E3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 000E3A57
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000E3A3D: GetCurrentThreadId.KERNEL32 ref: 000E3A5E
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000E3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,000E25B3), ref: 000E3A65
                                                                                                                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(00000025,00000000), ref: 000E25BD
                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 000E25DB
                                                                                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 000E25DF
                                                                                                                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(00000025,00000000), ref: 000E25E9
                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 000E2601
                                                                                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 000E2605
                                                                                                                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(00000025,00000000), ref: 000E260F
                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 000E2623
                                                                                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 000E2627
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2014098862-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,000E1449,?,?,00000000), ref: 000E180C
                                                                                                                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,?,000E1449,?,?,00000000), ref: 000E1813
                                                                                                                                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,000E1449,?,?,00000000), ref: 000E1828
                                                                                                                                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(?,00000000,?,000E1449,?,?,00000000), ref: 000E1830
                                                                                                                                                                                                                                                                                                                                                      • DuplicateHandle.KERNEL32(00000000,?,000E1449,?,?,00000000), ref: 000E1833
                                                                                                                                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,000E1449,?,?,00000000), ref: 000E1843
                                                                                                                                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(000E1449,00000000,?,000E1449,?,?,00000000), ref: 000E184B
                                                                                                                                                                                                                                                                                                                                                      • DuplicateHandle.KERNEL32(00000000,?,000E1449,?,?,00000000), ref: 000E184E
                                                                                                                                                                                                                                                                                                                                                      • CreateThread.KERNEL32(00000000,00000000,000E1874,00000000,00000000,00000000), ref: 000E1868
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1957940570-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: __alldvrm$_strrchr
                                                                                                                                                                                                                                                                                                                                                      • String ID: }}$}}$}}
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1036877536-3424312472
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000ED4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 000ED501
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000ED4DC: Process32FirstW.KERNEL32(00000000,?), ref: 000ED50F
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000ED4DC: CloseHandle.KERNEL32(00000000), ref: 000ED5DC
                                                                                                                                                                                                                                                                                                                                                      • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0010A16D
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 0010A180
                                                                                                                                                                                                                                                                                                                                                      • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0010A1B3
                                                                                                                                                                                                                                                                                                                                                      • TerminateProcess.KERNEL32(00000000,00000000), ref: 0010A268
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(00000000), ref: 0010A273
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 0010A2C4
                                                                                                                                                                                                                                                                                                                                                      Strings
Memory Dump Source
• Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                                                                                                                                                                                                                                                                                      • String ID: SeDebugPrivilege
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2533919879-2896544425
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00113925
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 0011393A
                                                                                                                                                                                                                                                                                                                                                      • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00113954
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00113999
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001057,00000000,?), ref: 001139C6
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001061,?,0000000F), ref: 001139F4
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend$Window_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: SysListView32
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2147712094-78025650
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 000EBCFD
                                                                                                                                                                                                                                                                                                                                                      • IsMenu.USER32(00000000), ref: 000EBD1D
                                                                                                                                                                                                                                                                                                                                                      • CreatePopupMenu.USER32 ref: 000EBD53
                                                                                                                                                                                                                                                                                                                                                      • GetMenuItemCount.USER32(00BD56C0), ref: 000EBDA4
                                                                                                                                                                                                                                                                                                                                                      • InsertMenuItemW.USER32(00BD56C0,?,00000001,00000030), ref: 000EBDCC
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                                                                                                                                                                                                                                                                                                      • String ID: 0$2
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 93392585-3793063076
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • _ValidateLocalCookies.LIBCMT ref: 000A2D4B
                                                                                                                                                                                                                                                                                                                                                      • ___except_validate_context_record.LIBVCRUNTIME ref: 000A2D53
                                                                                                                                                                                                                                                                                                                                                      • _ValidateLocalCookies.LIBCMT ref: 000A2DE1
                                                                                                                                                                                                                                                                                                                                                      • __IsNonwritableInCurrentImage.LIBCMT ref: 000A2E0C
                                                                                                                                                                                                                                                                                                                                                      • _ValidateLocalCookies.LIBCMT ref: 000A2E61
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                                                                                                                      • String ID: &H$csm
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1170836740-3822885207
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 918ffa6ffd1608d7ee053091b058b4e32fca5217275249f474f8ad5aaec1caf4
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 850c324caf26fe646682effbebd51c5ac65549ea666e7f024b1392407c854497
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 918ffa6ffd1608d7ee053091b058b4e32fca5217275249f474f8ad5aaec1caf4
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E1418034A01209ABCF10DFACC845ADEBBA5BF46324F148165F8146B293DB35EA55CBD0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • LoadIconW.USER32(00000000,00007F03), ref: 000EC913
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: IconLoad
                                                                                                                                                                                                                                                                                                                                                      • String ID: blank$info$question$stop$warning
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2457776203-404129466
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 960522037855072041bd5b31283c7c0e26c899f7fa0e467e12f019c15ed50a7d
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 0359d238afe8ae83eda86f623999c5c3b3c3c9cb027a2c891c44ff3f61d3f151
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 960522037855072041bd5b31283c7c0e26c899f7fa0e467e12f019c15ed50a7d
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E8112736689387BEF7049B559D83CEE77DCDF26319B20002AF500B6193EBF65E01526A
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _wcslen$LocalTime
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 952045576-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 6c168866917035ab05333aabf78684fc8ca68c75d397fd3903e7563d6e5e8116
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 3543d9d7184a5b3ddced321e27740aecd79a2dc2fcda72af82a2ea98dc529714
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6c168866917035ab05333aabf78684fc8ca68c75d397fd3903e7563d6e5e8116
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 07418065C10298A9CB11EBF5CC8AACFB7ACAF46710F508462E515F3122EB34E255C3A5
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,000D682C,00000004,00000000,00000000), ref: 0009F953
                                                                                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,000D682C,00000004,00000000,00000000), ref: 000DF3D1
                                                                                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,000D682C,00000004,00000000,00000000), ref: 000DF454
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ShowWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1268545403-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 982725664894ba81661f25025761d275d3338a5f5d7ed3456f970715b0aaf342
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: c2950d2c90445e0495d71c402406da95dfb257f4e970476a37aa49e542adbd8e
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 982725664894ba81661f25025761d275d3338a5f5d7ed3456f970715b0aaf342
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0D413B31218742BECFB99B28C98877E7BD2AB57314F14C43DE047D6A61C671A9C0EB61
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 00112D1B
                                                                                                                                                                                                                                                                                                                                                      • GetDC.USER32(00000000), ref: 00112D23
                                                                                                                                                                                                                                                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00112D2E
                                                                                                                                                                                                                                                                                                                                                      • ReleaseDC.USER32(00000000,00000000), ref: 00112D3A
                                                                                                                                                                                                                                                                                                                                                      • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00112D76
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00112D87
                                                                                                                                                                                                                                                                                                                                                      • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00115A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00112DC2
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00112DE1
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3864802216-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 63a227f9bbd1d1df227b7e4ad8bbd353feaa66613541e0e892e215e547ee865a
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: ca045d4c08d29b72c03b1ab6736ddc1f53edcdf80be20e4bc6daac6ed01e93ae
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 63a227f9bbd1d1df227b7e4ad8bbd353feaa66613541e0e892e215e547ee865a
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A9319F76241214BFEF194F50DC89FEB3BA9EF09711F048065FE089A291D6759C90C7A4
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _memcmp
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2931989736-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: d3873452e07a725eed2073e610ed00b2c6c28aed41ab6883cf5bafe239d2f9f8
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 3e171ab7e8af078424c34d4fbd918186244166e68d66457cbed7bc3704fbd580
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d3873452e07a725eed2073e610ed00b2c6c28aed41ab6883cf5bafe239d2f9f8
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4B21D772744A497FD6189A229E92FFF339CAF2138AF440434FD04AB582F760EE1181E5
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                      • String ID: NULL Pointer assignment$Not an Object type
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 0-572801152
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 627b6b1844b9f5eab8a822c67a6043908be31493cdd95c465f760277fc068548
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 714f52533aa6193db5878aa4570f04ef8d52a1c4f7748f3dd63882cd08fbbd85
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 627b6b1844b9f5eab8a822c67a6043908be31493cdd95c465f760277fc068548
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E4D1A275A0060A9FDF14CFA8C881BAEB7B6BF48344F148469E955AB281D7B0DD45CF90
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetCPInfo.KERNEL32(?,?), ref: 000C15CE
                                                                                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 000C1651
                                                                                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 000C16E4
                                                                                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 000C16FB
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000B3820: RtlAllocateHeap.NTDLL(00000000,?,00151444,?,0009FDF5,?,?,0008A976,00000010,00151440,000813FC,?,000813C6,?,00081129), ref: 000B3852
                                                                                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 000C1777
                                                                                                                                                                                                                                                                                                                                                      • __freea.LIBCMT ref: 000C17A2
                                                                                                                                                                                                                                                                                                                                                      • __freea.LIBCMT ref: 000C17AE
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2829977744-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 7d7992e5f2b8e38591b0647fe3f1346e4f4ff910d026cb48f3fdedb1795e5651
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: c48a194fc937001c5249a06699d9fad550c8573f4139e5325f0d92ba7cb71078
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7d7992e5f2b8e38591b0647fe3f1346e4f4ff910d026cb48f3fdedb1795e5651
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 50919171E146169ADF248F64C891FEE7BF5AF4A310F18465DE802E7282DB35DD40CBA0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Variant$ClearInit
                                                                                                                                                                                                                                                                                                                                                      • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2610073882-625585964
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 50bbc472755192f93b128eecf286f4f1021245a43351e8ebc70b385904238761
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 08ed8b4ee4564dcf7f01f9e623ca93fd2eb7f08001f5a6aa44155aea2b7ea1b8
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 50bbc472755192f93b128eecf286f4f1021245a43351e8ebc70b385904238761
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C49182B1A00219ABDF24CFA5C884FEE77B8EF46714F108559F645AB2C1D7B09941CFA0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 000F125C
                                                                                                                                                                                                                                                                                                                                                      • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 000F1284
                                                                                                                                                                                                                                                                                                                                                      • SafeArrayUnaccessData.OLEAUT32(00000001), ref: 000F12A8
                                                                                                                                                                                                                                                                                                                                                      • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 000F12D8
                                                                                                                                                                                                                                                                                                                                                      • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 000F135F
                                                                                                                                                                                                                                                                                                                                                      • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 000F13C4
                                                                                                                                                                                                                                                                                                                                                      • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 000F1430
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2550207440-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: c85d9893bf3bb0a746b30570c87fdd5b607a8a4d95e92a5b62b59420f52b8954
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 5afacc151c93f9728f67da928d08e28f33e8b3ccc2cceba052171c96facaf198
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c85d9893bf3bb0a746b30570c87fdd5b607a8a4d95e92a5b62b59420f52b8954
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AD91CF71A00209EFDB44DF94C884BFEB7B5FF44324F104029EA50EBA92D779A941EB90
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ObjectSelect$BeginCreatePath
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3225163088-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 52e5410fc6b6d916ff54a6427d8ca3867f3287189a356f334254ca003d70b94d
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 6fe0ca998c7ccb9f2912540ee78ad09b201f61c75ef930b43e12e15b412fa9be
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 52e5410fc6b6d916ff54a6427d8ca3867f3287189a356f334254ca003d70b94d
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B4913571D40219EFCF15CFA9C884AEEBBB8FF49320F14815AE515B7251D374AA81DBA0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • VariantInit.OLEAUT32(?), ref: 0010396B
                                                                                                                                                                                                                                                                                                                                                      • CharUpperBuffW.USER32(?,?), ref: 00103A7A
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00103A8A
                                                                                                                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 00103C1F
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000F0CDF: VariantInit.OLEAUT32(00000000), ref: 000F0D1F
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000F0CDF: VariantCopy.OLEAUT32(?,?), ref: 000F0D28
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000F0CDF: VariantClear.OLEAUT32(?), ref: 000F0D34
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
Similarity
• API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
• String ID: AUTOIT.ERROR$Incorrect Parameter format
• API String ID: 4137639002-1221869570
• Opcode ID: 8ee7b36a560b38e1ef1ddb51224eace50e0b7c03f0de2dcdd480119ff2756f9b
• Instruction ID: f4117675cf7f05c81f88ecc4f1d6c4c936464758341cf0c35de0b962a8324524
• Opcode Fuzzy Hash: 8ee7b36a560b38e1ef1ddb51224eace50e0b7c03f0de2dcdd480119ff2756f9b
• Instruction Fuzzy Hash: CE9148756083059FC704EF24C48096AB7E8BF89314F14882DF8D997392DB71EE45CB92
APIs
  • Part of subcall function 000E000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,000DFF41,80070057,?,?,?,000E035E), ref: 000E002B
  • Part of subcall function 000E000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,000DFF41,80070057,?,?), ref: 000E0046
  • Part of subcall function 000E000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,000DFF41,80070057,?,?), ref: 000E0054
  • Part of subcall function 000E000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,000DFF41,80070057,?), ref: 000E0064
• CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00104C51
• _wcslen.LIBCMT ref: 00104D59
• CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00104DCF
• CoTaskMemFree.OLE32(?), ref: 00104DDA
Strings
Memory Dump Source
• Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
Similarity
• API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
• String ID: NULL Pointer assignment
• API String ID: 614568839-2785691316
• Opcode ID: 0646fdd465f640bbe290631c2ccd68ff2f8d597a3e2bee717952fff2f15a54c1
• Instruction ID: b435e9a916ed594479650be185fa182bd4126a53b78730cc95985867494844a9
• Opcode Fuzzy Hash: 0646fdd465f640bbe290631c2ccd68ff2f8d597a3e2bee717952fff2f15a54c1
• Instruction Fuzzy Hash: BD9108B1D002199FDF14EFA4D891AEEB7B9BF08310F10816AE555B7291EB749A448FA0
APIs
• GetMenu.USER32(?), ref: 00112183
• GetMenuItemCount.USER32(00000000), ref: 001121B5
• GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 001121DD
• _wcslen.LIBCMT ref: 00112213
• GetMenuItemID.USER32(?,?), ref: 0011224D
• GetSubMenu.USER32(?,?), ref: 0011225B
  • Part of subcall function 000E3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 000E3A57
  • Part of subcall function 000E3A3D: GetCurrentThreadId.KERNEL32 ref: 000E3A5E
  • Part of subcall function 000E3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,000E25B3), ref: 000E3A65
• PostMessageW.USER32(?,00000111,00000000,00000000), ref: 001122E3
  • Part of subcall function 000EE97B: Sleep.KERNEL32 ref: 000EE9F3
Memory Dump Source
• Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
Similarity
• API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
• String ID:
• API String ID: 4196846111-0
• Opcode ID: d759a12325164414d3410cd159840b6df9605777b89a447cac4e42ec5458df96
• Instruction ID: b847c533a84f1d548563396caa8b4b4ad89380338783c4c74242652c27493bdc
• Opcode Fuzzy Hash: d759a12325164414d3410cd159840b6df9605777b89a447cac4e42ec5458df96
• Instruction Fuzzy Hash: BC719F35A00205AFCB18EFA4C845AEEB7F1FF48310F158469E956EB342D734ED918B90
APIs
• IsWindow.USER32(00BD58C8), ref: 00117F37
• IsWindowEnabled.USER32(00BD58C8), ref: 00117F43
• SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 0011801E
• SendMessageW.USER32(00BD58C8,000000B0,?,?), ref: 00118051
• IsDlgButtonChecked.USER32(?,?), ref: 00118089
• GetWindowLongW.USER32(00BD58C8,000000EC), ref: 001180AB
• SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 001180C3
Memory Dump Source
• Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
Similarity
• API ID: MessageSendWindow$ButtonCheckedEnabledLong
• String ID:
• API String ID: 4072528602-0
• Opcode ID: 36426d50c302d228fb22ba0ed366389db6b216186d208f73efb26067ee4b3184
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: b020a0413d91203fa1962313a44f9fd349a9074d955d510c58f18ff98f8e1ca5
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 36426d50c302d228fb22ba0ed366389db6b216186d208f73efb26067ee4b3184
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 81719E74608205AFEB299F64C884FEBBBB5EF09300F144469F965973A1CB31ACC6CB51
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetParent.USER32(?), ref: 000EAEF9
                                                                                                                                                                                                                                                                                                                                                      • GetKeyboardState.USER32(?), ref: 000EAF0E
                                                                                                                                                                                                                                                                                                                                                      • SetKeyboardState.USER32(?), ref: 000EAF6F
                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000101,00000010,?), ref: 000EAF9D
                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000101,00000011,?), ref: 000EAFBC
                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000101,00000012,?), ref: 000EAFFD
                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000101,0000005B,?), ref: 000EB020
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 87235514-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 07dc4757fc1640a5f82b173e8780365f7c6d27dbed7d9b135b67b41aad343eba
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 3cf990c5237589f7b0c2c565e84776f4a391f3344067878c698eee3d3e684ef3
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 07dc4757fc1640a5f82b173e8780365f7c6d27dbed7d9b135b67b41aad343eba
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EA51C1A0A047D53DFB3683768845BBBBEE95B0A304F088489E1D9658D3C398BCC8D791
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetParent.USER32(00000000), ref: 000EAD19
                                                                                                                                                                                                                                                                                                                                                      • GetKeyboardState.USER32(?), ref: 000EAD2E
                                                                                                                                                                                                                                                                                                                                                      • SetKeyboardState.USER32(?), ref: 000EAD8F
                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 000EADBB
                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 000EADD8
                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 000EAE17
                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 000EAE38
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 87235514-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 6f7c9b8ce49fd09f94c45a48dfd2bf7efc35c437912a7b4e6812418e77a0f968
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 3374e787dd3fca35d8b44750a13688bf5b8f37fda79794cfaa770753a30a6e6d
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6f7c9b8ce49fd09f94c45a48dfd2bf7efc35c437912a7b4e6812418e77a0f968
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CE51E7A16087D53DFB3643358C95BBA7EE95F4B300F088489E1D6669C3D294FC88D752
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetConsoleCP.KERNEL32(000C3CD6,?,?,?,?,?,?,?,?,000B5BA3,?,?,000C3CD6,?,?), ref: 000B5470
                                                                                                                                                                                                                                                                                                                                                      • __fassign.LIBCMT ref: 000B54EB
                                                                                                                                                                                                                                                                                                                                                      • __fassign.LIBCMT ref: 000B5506
                                                                                                                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,000C3CD6,00000005,00000000,00000000), ref: 000B552C
                                                                                                                                                                                                                                                                                                                                                      • WriteFile.KERNEL32(?,000C3CD6,00000000,000B5BA3,00000000,?,?,?,?,?,?,?,?,?,000B5BA3,?), ref: 000B554B
                                                                                                                                                                                                                                                                                                                                                      • WriteFile.KERNEL32(?,?,00000001,000B5BA3,00000000,?,?,?,?,?,?,?,?,?,000B5BA3,?), ref: 000B5584
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1324828854-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0010304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0010307A
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0010304E: _wcslen.LIBCMT ref: 0010309B
                                                                                                                                                                                                                                                                                                                                                      • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00101112
                                                                                                                                                                                                                                                                                                                                                      • WSAGetLastError.WSOCK32 ref: 00101121
                                                                                                                                                                                                                                                                                                                                                      • WSAGetLastError.WSOCK32 ref: 001011C9
                                                                                                                                                                                                                                                                                                                                                      • closesocket.WSOCK32(00000000), ref: 001011F9
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2675159561-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000EDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,000ECF22,?), ref: 000EDDFD
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000EDDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,000ECF22,?), ref: 000EDE16
                                                                                                                                                                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(?,?), ref: 000ECF45
                                                                                                                                                                                                                                                                                                                                                      • MoveFileW.KERNEL32(?,?), ref: 000ECF7F
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 000ED005
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 000ED01B
                                                                                                                                                                                                                                                                                                                                                      • SHFileOperationW.SHELL32(?), ref: 000ED061
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                                                                                                                                                                                                                                                                                                                                      • String ID: \*.*
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3164238972-1173974218
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00112E1C
                                                                                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00112E4F
                                                                                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00112E84
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00112EB6
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00112EE0
                                                                                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00112EF1
                                                                                                                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00112F0B
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: LongWindow$MessageSend
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2178440468-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 000E7769
                                                                                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 000E778F
                                                                                                                                                                                                                                                                                                                                                      • SysAllocString.OLEAUT32(00000000), ref: 000E7792
                                                                                                                                                                                                                                                                                                                                                      • SysAllocString.OLEAUT32(?), ref: 000E77B0
                                                                                                                                                                                                                                                                                                                                                      • SysFreeString.OLEAUT32(?), ref: 000E77B9
                                                                                                                                                                                                                                                                                                                                                      • StringFromGUID2.OLE32(?,?,00000028), ref: 000E77DE
                                                                                                                                                                                                                                                                                                                                                      • SysAllocString.OLEAUT32(?), ref: 000E77EC
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3761583154-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 1bf6a0185975bc179795ad7d030c999d65231ca6b9b8df5715f3cd3e34eac667
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 34d60af0dc37289c782dbc611be586eed8a49f7a454f0cdafd034f5ae444427a
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1bf6a0185975bc179795ad7d030c999d65231ca6b9b8df5715f3cd3e34eac667
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 64218E76608219AFDF14DFA9CC88CFB77ECEB097647048025FA59EB151D670DC8287A0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 000E7842
                                                                                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 000E7868
                                                                                                                                                                                                                                                                                                                                                      • SysAllocString.OLEAUT32(00000000), ref: 000E786B
                                                                                                                                                                                                                                                                                                                                                      • SysAllocString.OLEAUT32 ref: 000E788C
                                                                                                                                                                                                                                                                                                                                                      • SysFreeString.OLEAUT32 ref: 000E7895
                                                                                                                                                                                                                                                                                                                                                      • StringFromGUID2.OLE32(?,?,00000028), ref: 000E78AF
                                                                                                                                                                                                                                                                                                                                                      • SysAllocString.OLEAUT32(?), ref: 000E78BD
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3761583154-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 28a8e43c29237c3ea98f4deb545d234234c3d550846ffeb7eeeb14803b70420f
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 3b9aa5503d48f457ad95073355cb00d5aa1c098b342962f60bf2a4c454b355fc
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 28a8e43c29237c3ea98f4deb545d234234c3d550846ffeb7eeeb14803b70420f
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4221C131648214AFDF149FA9CD88DBA77ECEB183607108025F918DB2A1DA70DC81CB74
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetStdHandle.KERNEL32(0000000C), ref: 000F04F2
                                                                                                                                                                                                                                                                                                                                                      • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 000F052E
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CreateHandlePipe
                                                                                                                                                                                                                                                                                                                                                      • String ID: nul
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: f3872786602b5db1423be08853125c3d7320efe8c12e934e07c68769fe89cb45
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 73aa53d7ee1e43727bce0f87bcb7aed18afd41d523b5c03c0052a68b897a7dca
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f3872786602b5db1423be08853125c3d7320efe8c12e934e07c68769fe89cb45
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2C218271600709EBDF209F29DC04AAA77E4AF44B24F204A19F9A1D75E1D7B0D940DF60
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetStdHandle.KERNEL32(000000F6), ref: 000F05C6
                                                                                                                                                                                                                                                                                                                                                      • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 000F0601
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CreateHandlePipe
                                                                                                                                                                                                                                                                                                                                                      • String ID: nul
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: b538aaf40b735b033f5f77318d3fbea3104598dc261814c3fffa14d974f04618
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 433ebceaab35e5f9afe712651f57b3820ab4eda177730b55e31c7cd5f5067e6b
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b538aaf40b735b033f5f77318d3fbea3104598dc261814c3fffa14d974f04618
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3621B5755003199BDB209F68CC04AAA77E8BF85724F204A19FEA1E76E1D7B09960DB50
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0008600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0008604C
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0008600E: GetStockObject.GDI32(00000011), ref: 00086060
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0008600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0008606A
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00114112
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 0011411F
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 0011412A
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00114139
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00114145
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend$CreateObjectStockWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID: Msctls_Progress32
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1025951953-3636473452
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 81e695307a5ba33d8a67d176a3576ddb49b1b322371f5f693f05eb7bcbd4b941
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 831150a36ae0c988e26e5d9bad67bc96965ff80fd5bc3730c7a70481dc86da28
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 81e695307a5ba33d8a67d176a3576ddb49b1b322371f5f693f05eb7bcbd4b941
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0811B2B2140219BFEF119F64CC85EE77F5DEF09798F014120BA18A6190C7729C61DBA4
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000BD7A3: _free.LIBCMT ref: 000BD7CC
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000BD82D
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000B29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,000BD7D1,00000000,00000000,00000000,00000000,?,000BD7F8,00000000,00000007,00000000,?,000BDBF5,00000000), ref: 000B29DE
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000B29C8: GetLastError.KERNEL32(00000000,?,000BD7D1,00000000,00000000,00000000,00000000,?,000BD7F8,00000000,00000007,00000000,?,000BDBF5,00000000,00000000), ref: 000B29F0
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000BD838
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000BD843
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000BD897
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000BD8A2
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000BD8AD
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000BD8B8
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: b6971c0deaedf020838120c9c5af380a20802f49dc7df6bf1ad76644540ee570
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4211D471985B04BBDA21BFB0CC47FCBBBDCAF05700F404C26B29EA6593FA65B5058660
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 000EDA74
                                                                                                                                                                                                                                                                                                                                                      • LoadStringW.USER32(00000000), ref: 000EDA7B
                                                                                                                                                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 000EDA91
                                                                                                                                                                                                                                                                                                                                                      • LoadStringW.USER32(00000000), ref: 000EDA98
                                                                                                                                                                                                                                                                                                                                                      • MessageBoxW.USER32(00000000,?,?,00011010), ref: 000EDADC
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      • %s (%d) : ==> %s: %s %s, xrefs: 000EDAB9
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: HandleLoadModuleString$Message
                                                                                                                                                                                                                                                                                                                                                      • String ID: %s (%d) : ==> %s: %s %s
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4072794657-3128320259
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • InterlockedExchange.KERNEL32(00BCE050,00BCE050), ref: 000F097B
                                                                                                                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(00BCE030,00000000), ref: 000F098D
                                                                                                                                                                                                                                                                                                                                                      • TerminateThread.KERNEL32(?,000001F6), ref: 000F099B
                                                                                                                                                                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,000003E8), ref: 000F09A9
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 000F09B8
                                                                                                                                                                                                                                                                                                                                                      • InterlockedExchange.KERNEL32(00BCE050,000001F6), ref: 000F09C8
                                                                                                                                                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(00BCE030), ref: 000F09CF
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3495660284-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetClientRect.USER32(?,?), ref: 00085D30
                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 00085D71
                                                                                                                                                                                                                                                                                                                                                      • ScreenToClient.USER32(?,?), ref: 00085D99
                                                                                                                                                                                                                                                                                                                                                      • GetClientRect.USER32(?,?), ref: 00085ED7
                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 00085EF8
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Rect$Client$Window$Screen
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1296646539-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • __allrem.LIBCMT ref: 000B00BA
                                                                                                                                                                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 000B00D6
                                                                                                                                                                                                                                                                                                                                                      • __allrem.LIBCMT ref: 000B00ED
                                                                                                                                                                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 000B010B
                                                                                                                                                                                                                                                                                                                                                      • __allrem.LIBCMT ref: 000B0122
                                                                                                                                                                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 000B0140
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1992179935-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 9a16ef79706b6e21a3eaae8e7e200b33b978cd810ba61e8625afb5cc45cfbcc2
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6581C572A007069FE724AFA8CC42BEB73E9AF42764F24453EF551D7682E7B5D9008790
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00103149: select.WSOCK32(00000000,?,00000000,00000000,?,?,?,00000000,?,?,?,0010101C,00000000,?,?,00000000), ref: 00103195
                                                                                                                                                                                                                                                                                                                                                      • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00101DC0
                                                                                                                                                                                                                                                                                                                                                      • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00101DE1
                                                                                                                                                                                                                                                                                                                                                      • WSAGetLastError.WSOCK32 ref: 00101DF2
                                                                                                                                                                                                                                                                                                                                                      • inet_ntoa.WSOCK32(?), ref: 00101E8C
                                                                                                                                                                                                                                                                                                                                                      • htons.WSOCK32(?,?,?,?,?), ref: 00101EDB
                                                                                                                                                                                                                                                                                                                                                      • _strlen.LIBCMT ref: 00101F35
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000E39E8: _strlen.LIBCMT ref: 000E39F2
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00086D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000002,?,?,?,?,0009CF58,?,?,?), ref: 00086DBA
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00086D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,?,?,?,0009CF58,?,?,?), ref: 00086DED
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ByteCharMultiWide_strlen$ErrorLasthtonsinet_ntoaselect
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1923757996-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 7f82e4eabe02c1bb00931672f67535e09115c489ef281117951525c382f0738c
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 62f52e16bcc58d425a2dedd1f7671365c6ddb40094fe65ffd70a1e527f088981
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7f82e4eabe02c1bb00931672f67535e09115c489ef281117951525c382f0738c
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0EA1DE70204341AFC724EB24C885EAA7BE5BF85318F54894CF4965B2E3CBB5ED46CB91
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,000A82D9,000A82D9,?,?,?,000B644F,00000001,00000001,8BE85006), ref: 000B6258
                                                                                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,000B644F,00000001,00000001,8BE85006,?,?,?), ref: 000B62DE
                                                                                                                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 000B63D8
                                                                                                                                                                                                                                                                                                                                                      • __freea.LIBCMT ref: 000B63E5
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000B3820: RtlAllocateHeap.NTDLL(00000000,?,00151444,?,0009FDF5,?,?,0008A976,00000010,00151440,000813FC,?,000813C6,?,00081129), ref: 000B3852
                                                                                                                                                                                                                                                                                                                                                      • __freea.LIBCMT ref: 000B63EE
                                                                                                                                                                                                                                                                                                                                                      • __freea.LIBCMT ref: 000B6413
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1414292761-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 14399dfab42d727af20444c0c5e50e3213032e82fba324cc485bf8a32d2d0cdd
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 3ba36a54591f26574dc00668d2a1ddaa63d336fbd4e468cbae62ba32ed6f832a
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 14399dfab42d727af20444c0c5e50e3213032e82fba324cc485bf8a32d2d0cdd
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8E51E172A00616ABEB258F64DC81EFF77E9EB44B50F244629FD05D7141DB3ADD80C6A0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00089CB3: _wcslen.LIBCMT ref: 00089CBD
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0010C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0010B6AE,?,?), ref: 0010C9B5
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0010C998: _wcslen.LIBCMT ref: 0010C9F1
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0010C998: _wcslen.LIBCMT ref: 0010CA68
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0010C998: _wcslen.LIBCMT ref: 0010CA9E
                                                                                                                                                                                                                                                                                                                                                      • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0010BCCA
                                                                                                                                                                                                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0010BD25
                                                                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 0010BD6A
                                                                                                                                                                                                                                                                                                                                                      • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 0010BD99
                                                                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0010BDF3
                                                                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 0010BDFF
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1120388591-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 601827aab27d8d1a83e93d6bd4fffdb9998bcdeb6577dab5e521a53af94545b2
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 39158008c6c0acb11f68760d8b13410e5c46d1928880857a5722c37e0b22f39e
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 601827aab27d8d1a83e93d6bd4fffdb9998bcdeb6577dab5e521a53af94545b2
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DA817D30208241AFD714EF64C885E6ABBE5FF84308F14856DF4998B2A2DB71ED45CB92
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • VariantInit.OLEAUT32(00000035), ref: 000DF7B9
                                                                                                                                                                                                                                                                                                                                                      • SysAllocString.OLEAUT32(00000001), ref: 000DF860
                                                                                                                                                                                                                                                                                                                                                      • VariantCopy.OLEAUT32(000DFA64,00000000), ref: 000DF889
                                                                                                                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32(000DFA64), ref: 000DF8AD
                                                                                                                                                                                                                                                                                                                                                      • VariantCopy.OLEAUT32(000DFA64,00000000), ref: 000DF8B1
                                                                                                                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 000DF8BB
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Variant$ClearCopy$AllocInitString
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3859894641-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 7bb73a5e8ede86a01234c7bf485ad63897fa6b4d246c61841cf466b6b94db5ba
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 43424e74368699a14acf4965235d910ba7a73378545fb7a05d00cd69c1c72f0d
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7bb73a5e8ede86a01234c7bf485ad63897fa6b4d246c61841cf466b6b94db5ba
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1D51C331940312BACF24AB65D8A5BB9B3A5AF45310B24D467E907DF392DB708C40D7B6
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00087620: _wcslen.LIBCMT ref: 00087625
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00086B57: _wcslen.LIBCMT ref: 00086B6A
                                                                                                                                                                                                                                                                                                                                                      • GetOpenFileNameW.COMDLG32(00000058), ref: 000F94E5
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 000F9506
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 000F952D
                                                                                                                                                                                                                                                                                                                                                      • GetSaveFileNameW.COMDLG32(00000058), ref: 000F9585
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _wcslen$FileName$OpenSave
                                                                                                                                                                                                                                                                                                                                                      • String ID: X
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 83654149-3081909835
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 360cc12f4ddc129097daa707b9737868b95421d9bdbe8d02efccc4ef6cb06c29
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 5e1bbed5d3c612cbe98a2b8c23bb3fbf2121fcb90dc74b2236e9f8fd136f651f
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 360cc12f4ddc129097daa707b9737868b95421d9bdbe8d02efccc4ef6cb06c29
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 44E1B231508301CFD764EF24C881BAAB7E4BF85714F14896DF9899B2A2DB31ED05CB92
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00099BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00099BB2
                                                                                                                                                                                                                                                                                                                                                      • BeginPaint.USER32(?,?,?), ref: 00099241
                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 000992A5
                                                                                                                                                                                                                                                                                                                                                      • ScreenToClient.USER32(?,?), ref: 000992C2
                                                                                                                                                                                                                                                                                                                                                      • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 000992D3
                                                                                                                                                                                                                                                                                                                                                      • EndPaint.USER32(?,?,?,?,?), ref: 00099321
                                                                                                                                                                                                                                                                                                                                                      • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 000D71EA
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00099339: BeginPath.GDI32(00000000), ref: 00099357
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3050599898-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 894db6dc859787a7368dbb8be72656d6c3fd0b5b6af91c195293758c408cbd9b
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 7bdb8e0e7ecbafab4000b4823bb696db5594f0ab7406f5d2f1b4f8c38d17576a
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 894db6dc859787a7368dbb8be72656d6c3fd0b5b6af91c195293758c408cbd9b
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7341B270144300EFDB21DF28CC84FAA7BF8EB56325F04462DF9558B2A2D7319885DB61
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • InterlockedExchange.KERNEL32(?,000001F5), ref: 000F080C
                                                                                                                                                                                                                                                                                                                                                      • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 000F0847
                                                                                                                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 000F0863
                                                                                                                                                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 000F08DC
                                                                                                                                                                                                                                                                                                                                                      • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 000F08F3
                                                                                                                                                                                                                                                                                                                                                      • InterlockedExchange.KERNEL32(?,000001F6), ref: 000F0921
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3368777196-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 35e1de5342fcdb81a1fdf1a26404049b2ec7916c54221e302a0086a2d027cd75
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 0337c537d8d492d62b110ebe699443d2b18961872e8991ff8fe388810532d58c
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 35e1de5342fcdb81a1fdf1a26404049b2ec7916c54221e302a0086a2d027cd75
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 11416B71A00209EBDF14AF54DC85AAA77B8FF04310F1480A5ED00DA297DB70DE65EBA0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,000DF3AB,00000000,?,?,00000000,?,000D682C,00000004,00000000,00000000), ref: 0011824C
                                                                                                                                                                                                                                                                                                                                                      • EnableWindow.USER32(?,00000000), ref: 00118272
                                                                                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(FFFFFFFF,00000000), ref: 001182D1
                                                                                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(?,00000004), ref: 001182E5
                                                                                                                                                                                                                                                                                                                                                      • EnableWindow.USER32(?,00000001), ref: 0011830B
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0011832F
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$Show$Enable$MessageSend
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 642888154-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 47742c69a4563769c4f5ddde3fb426bd4a54ae3f39c3b6f522a0f6ccf2474cce
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 14f88693205f34b9eb74c4a46a2160c2bce0e725c882009f1a147fbffa775297
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 47742c69a4563769c4f5ddde3fb426bd4a54ae3f39c3b6f522a0f6ccf2474cce
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4B41B234601A44EFDB2ACF14C899BE47BF1BB0A715F1881B9E5184F2A2CB71ACC1CB50
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • IsWindowVisible.USER32(?), ref: 000E4C95
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 000E4CB2
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 000E4CEA
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 000E4D08
                                                                                                                                                                                                                                                                                                                                                      • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 000E4D10
                                                                                                                                                                                                                                                                                                                                                      • _wcsstr.LIBVCRUNTIME ref: 000E4D1A
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 72514467-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00083AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00083A97,?,?,00082E7F,?,?,?,00000000), ref: 00083AC2
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 000F587B
                                                                                                                                                                                                                                                                                                                                                      • CoInitialize.OLE32(00000000), ref: 000F5995
                                                                                                                                                                                                                                                                                                                                                      • CoCreateInstance.OLE32(0011FCF8,00000000,00000001,0011FB68,?), ref: 000F59AE
                                                                                                                                                                                                                                                                                                                                                      • CoUninitialize.OLE32 ref: 000F59CC
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: .lnk
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3172280962-24824748
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000E0FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 000E0FCA
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000E0FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 000E0FD6
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000E0FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 000E0FE5
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000E0FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 000E0FEC
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000E0FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 000E1002
                                                                                                                                                                                                                                                                                                                                                      • GetLengthSid.ADVAPI32(?,00000000,000E1335), ref: 000E17AE
                                                                                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000008,00000000), ref: 000E17BA
                                                                                                                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000), ref: 000E17C1
                                                                                                                                                                                                                                                                                                                                                      • CopySid.ADVAPI32(00000000,00000000,?), ref: 000E17DA
                                                                                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000000,000E1335), ref: 000E17EE
                                                                                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000), ref: 000E17F5
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3008561057-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 000E14FF
                                                                                                                                                                                                                                                                                                                                                      • OpenProcessToken.ADVAPI32(00000000), ref: 000E1506
                                                                                                                                                                                                                                                                                                                                                      • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 000E1515
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000004), ref: 000E1520
                                                                                                                                                                                                                                                                                                                                                      • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 000E154F
                                                                                                                                                                                                                                                                                                                                                      • DestroyEnvironmentBlock.USERENV(00000000), ref: 000E1563
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1413079979-0
APIs
• GetLastError.KERNEL32(?,?,000A3379,000A2FE5), ref: 000A3390
• ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 000A339E
• ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 000A33B7
• SetLastError.KERNEL32(00000000,?,000A3379,000A2FE5), ref: 000A3409
Memory Dump Source
• Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
Similarity
• API ID: ErrorLastValue___vcrt_
• String ID:
• API String ID: 3852720340-0
APIs
• GetLastError.KERNEL32(?,?,000B5686,000C3CD6,?,00000000,?,000B5B6A,?,?,?,?,?,000AE6D1,?,00148A48), ref: 000B2D78
• _free.LIBCMT ref: 000B2DAB
• _free.LIBCMT ref: 000B2DD3
• SetLastError.KERNEL32(00000000,?,?,?,?,000AE6D1,?,00148A48,00000010,00084F4A,?,?,00000000,000C3CD6), ref: 000B2DE0
• SetLastError.KERNEL32(00000000,?,?,?,?,000AE6D1,?,00148A48,00000010,00084F4A,?,?,00000000,000C3CD6), ref: 000B2DEC
• _abort.LIBCMT ref: 000B2DF2
Memory Dump Source
• Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
Similarity
• API ID: ErrorLast$_free$_abort
• String ID:
• API String ID: 3160817290-0
APIs
  • Part of subcall function 00099639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00099693
  • Part of subcall function 00099639: SelectObject.GDI32(?,00000000), ref: 000996A2
  • Part of subcall function 00099639: BeginPath.GDI32(?), ref: 000996B9
  • Part of subcall function 00099639: SelectObject.GDI32(?,00000000), ref: 000996E2
• MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00118A4E
• LineTo.GDI32(?,00000003,00000000), ref: 00118A62
• MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00118A70
• LineTo.GDI32(?,00000000,00000003), ref: 00118A80
• EndPath.GDI32(?), ref: 00118A90
• StrokePath.GDI32(?), ref: 00118AA0
Memory Dump Source
• Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
Similarity
• API ID: Path$LineMoveObjectSelect$BeginCreateStroke
• String ID:
• API String ID: 43455801-0
APIs
• GetDC.USER32(00000000), ref: 000E5218
• GetDeviceCaps.GDI32(00000000,00000058), ref: 000E5229
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 000E5230
• ReleaseDC.USER32(00000000,00000000), ref: 000E5238
• MulDiv.KERNEL32(000009EC,?,00000000), ref: 000E524F
• MulDiv.KERNEL32(000009EC,00000001,?), ref: 000E5261
Memory Dump Source
• Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
Similarity
• API ID: CapsDevice$Release
• String ID:
• API String ID: 1035833867-0
APIs
• MapVirtualKeyW.USER32(0000005B,00000000), ref: 00081BF4
• MapVirtualKeyW.USER32(00000010,00000000), ref: 00081BFC
• MapVirtualKeyW.USER32(000000A0,00000000), ref: 00081C07
• MapVirtualKeyW.USER32(000000A1,00000000), ref: 00081C12
• MapVirtualKeyW.USER32(00000011,00000000), ref: 00081C1A
• MapVirtualKeyW.USER32(00000012,00000000), ref: 00081C22
Similarity
• API ID: Virtual
• String ID:
• API String ID: 4278518827-0
APIs
• PostMessageW.USER32(?,00000010,00000000,00000000), ref: 000EEB30
• SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 000EEB46
• GetWindowThreadProcessId.USER32(?,?), ref: 000EEB55
• OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 000EEB64
• TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 000EEB6E
• CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 000EEB75
Similarity
• API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
• String ID:
• API String ID: 839392675-0
APIs
• GetClientRect.USER32(?), ref: 000D7452
• SendMessageW.USER32(?,00001328,00000000,?), ref: 000D7469
• GetWindowDC.USER32(?), ref: 000D7475
• GetPixel.GDI32(00000000,?,?), ref: 000D7484
• ReleaseDC.USER32(?,00000000), ref: 000D7496
• GetSysColor.USER32(00000005), ref: 000D74B0
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 272304278-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: d9e9ac80c59fcb43652b38f608c49f984cf5860a9a37ed98dddd78541c9f915a
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 45a2cb605b3affe5f279b5cde1d3063d02a6569f92bb8c344d4830be9b909a0b
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d9e9ac80c59fcb43652b38f608c49f984cf5860a9a37ed98dddd78541c9f915a
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DD01AD31540215FFDB915F64DD08BEEBBB6FF04321F508064F919A26A0DB311E81EBA0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 000E187F
                                                                                                                                                                                                                                                                                                                                                      • UnloadUserProfile.USERENV(?,?), ref: 000E188B
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 000E1894
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 000E189C
                                                                                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,?), ref: 000E18A5
                                                                                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000), ref: 000E18AC
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 146765662-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: c0bdf7d4feb1ac461054064e627667405f44b47765b5ced8a3741361d871000a
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 6b99b20c525aba4bc4a583469f58a89aec820b12051bad9bb52f7d60c658bb82
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c0bdf7d4feb1ac461054064e627667405f44b47765b5ced8a3741361d871000a
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F6E0ED36484611FBD7055FA1EE0C985BF39FF49721710C220F22581870CB7254A0DF90
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000A0242: EnterCriticalSection.KERNEL32(0015070C,00151884,?,?,0009198B,00152518,?,?,?,000812F9,00000000), ref: 000A024D
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000A0242: LeaveCriticalSection.KERNEL32(0015070C,?,0009198B,00152518,?,?,?,000812F9,00000000), ref: 000A028A
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00089CB3: _wcslen.LIBCMT ref: 00089CBD
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000A00A3: __onexit.LIBCMT ref: 000A00A9
                                                                                                                                                                                                                                                                                                                                                      • __Init_thread_footer.LIBCMT ref: 00107BFB
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000A01F8: EnterCriticalSection.KERNEL32(0015070C,?,?,00098747,00152514), ref: 000A0202
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000A01F8: LeaveCriticalSection.KERNEL32(0015070C,?,00098747,00152514), ref: 000A0235
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: +T$5$G$Variable must be of type 'Object'.
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 535116098-3400515646
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 42ee5df641e9272d4008efdbec26f2f4b3b91816842e36203eb3beda435d1727
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 0ddba232597bea6642a892ddc455d457b432d08463924a72edbd70b510434a00
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 42ee5df641e9272d4008efdbec26f2f4b3b91816842e36203eb3beda435d1727
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B7918B70A04209EFCB04EF94D9919FDB7B1BF49300F148059F886AB2D2DBB1AE85CB51
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00087620: _wcslen.LIBCMT ref: 00087625
                                                                                                                                                                                                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 000EC6EE
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 000EC735
                                                                                                                                                                                                                                                                                                                                                      • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 000EC79C
                                                                                                                                                                                                                                                                                                                                                      • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 000EC7CA
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ItemMenu$Info_wcslen$Default
                                                                                                                                                                                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1227352736-4108050209
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • ShellExecuteExW.SHELL32(0000003C), ref: 0010AEA3
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00087620: _wcslen.LIBCMT ref: 00087625
                                                                                                                                                                                                                                                                                                                                                      • GetProcessId.KERNEL32(00000000), ref: 0010AF38
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 0010AF67
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CloseExecuteHandleProcessShell_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: <$@
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 146682121-1426351568
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 000E7206
                                                                                                                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 000E723C
                                                                                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 000E724D
                                                                                                                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 000E72CF
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ErrorMode$AddressCreateInstanceProc
                                                                                                                                                                                                                                                                                                                                                      • String ID: DllGetClassObject
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 753597075-1075368562
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00113E35
                                                                                                                                                                                                                                                                                                                                                      • IsMenu.USER32(?), ref: 00113E4A
                                                                                                                                                                                                                                                                                                                                                      • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00113E92
                                                                                                                                                                                                                                                                                                                                                      • DrawMenuBar.USER32 ref: 00113EA5
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Menu$Item$DrawInfoInsert
                                                                                                                                                                                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3076010158-4108050209
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00089CB3: _wcslen.LIBCMT ref: 00089CBD
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000E3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 000E3CCA
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 000E1E66
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 000E1E79
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000189,?,00000000), ref: 000E1EA9
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00086B57: _wcslen.LIBCMT ref: 00086B6A
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend$_wcslen$ClassName
                                                                                                                                                                                                                                                                                                                                                      • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2081771294-1403004172
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: HKEY_LOCAL_MACHINE$HKLM
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 176396367-4004644295
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00112F8D
                                                                                                                                                                                                                                                                                                                                                      • LoadLibraryW.KERNEL32(?), ref: 00112F94
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00112FA9
                                                                                                                                                                                                                                                                                                                                                      • DestroyWindow.USER32(?), ref: 00112FB1
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend$DestroyLibraryLoadWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID: SysAnimate32
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3529120543-1011021900
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,000A4D1E,000B28E9,?,000A4CBE,000B28E9,001488B8,0000000C,000A4E15,000B28E9,00000002), ref: 000A4D8D
                                                                                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 000A4DA0
                                                                                                                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,?,?,000A4D1E,000B28E9,?,000A4CBE,000B28E9,001488B8,0000000C,000A4E15,000B28E9,00000002,00000000), ref: 000A4DC3
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                                                                                                                      • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00084EDD,?,00151418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00084E9C
                                                                                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00084EAE
                                                                                                                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,?,00084EDD,?,00151418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00084EC0
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                                                                                      • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 145871493-3689287502
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • LoadLibraryA.KERNEL32(kernel32.dll,?,?,000C3CDE,?,00151418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00084E62
                                                                                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00084E74
                                                                                                                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,?,000C3CDE,?,00151418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00084E87
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                                                                                      • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 145871493-1355242751
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 000F2C05
                                                                                                                                                                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?), ref: 000F2C87
                                                                                                                                                                                                                                                                                                                                                      • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 000F2C9D
                                                                                                                                                                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 000F2CAE
                                                                                                                                                                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 000F2CC0
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: File$Delete$Copy
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3226157194-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetCurrentProcessId.KERNEL32 ref: 0010A427
                                                                                                                                                                                                                                                                                                                                                      • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 0010A435
                                                                                                                                                                                                                                                                                                                                                      • GetProcessIoCounters.KERNEL32(00000000,?), ref: 0010A468
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 0010A63D
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Process$CloseCountersCurrentHandleOpen
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3488606520-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 6de70fbeefc9aa109cea2aa15efdceba9318e0db289cddc0cbd33432b7dfd3ec
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: bbd9b8acc61c115c5dc8985dcacddb86b2022c22aac78412f0fba910f5eb73a2
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6de70fbeefc9aa109cea2aa15efdceba9318e0db289cddc0cbd33432b7dfd3ec
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C9A1AF71604301AFE720EF24D886F6AB7E1BF84714F54881CF59A9B2D2D7B1EC418B92
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000EDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,000ECF22,?), ref: 000EDDFD
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000EDDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,000ECF22,?), ref: 000EDE16
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000EE199: GetFileAttributesW.KERNEL32(?,000ECF95), ref: 000EE19A
                                                                                                                                                                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(?,?), ref: 000EE473
                                                                                                                                                                                                                                                                                                                                                      • MoveFileW.KERNEL32(?,?), ref: 000EE4AC
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 000EE5EB
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 000EE603
                                                                                                                                                                                                                                                                                                                                                      • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 000EE650
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3183298772-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 4828d4f055996bd6a8e1138cd6a6b153b6ecb2be760d61c747ab8a7bb21a66b2
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 1da25af671c78b90341078b026ca2a2e50ab63e93eb312a30d1e6f86322c1cb3
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4828d4f055996bd6a8e1138cd6a6b153b6ecb2be760d61c747ab8a7bb21a66b2
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 575141B25083C99FC764EB90D8819DBB3ECAF85350F00492EF589A3192EE75A5888756
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00089CB3: _wcslen.LIBCMT ref: 00089CBD
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0010C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0010B6AE,?,?), ref: 0010C9B5
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0010C998: _wcslen.LIBCMT ref: 0010C9F1
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0010C998: _wcslen.LIBCMT ref: 0010CA68
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0010C998: _wcslen.LIBCMT ref: 0010CA9E
                                                                                                                                                                                                                                                                                                                                                      • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0010BAA5
                                                                                                                                                                                                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0010BB00
                                                                                                                                                                                                                                                                                                                                                      • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 0010BB63
                                                                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?), ref: 0010BBA6
                                                                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 0010BBB3
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 826366716-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 2857fb85832dd819b9d642f85bdd5dd20f87f316f6e1b655b7d45406039bcd10
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: fd4d34a6e04b056bf893db207aa817c890eeb8a61a3835d239d84fa009d559c8
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2857fb85832dd819b9d642f85bdd5dd20f87f316f6e1b655b7d45406039bcd10
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 98614931208241AFD714EF24C491E6ABBE5FF84308F54896DF4998B2A2DB71ED45CB92
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • VariantInit.OLEAUT32(?), ref: 000E8BCD
                                                                                                                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32 ref: 000E8C3E
                                                                                                                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32 ref: 000E8C9D
                                                                                                                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 000E8D10
                                                                                                                                                                                                                                                                                                                                                      • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 000E8D3B
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Variant$Clear$ChangeInitType
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4136290138-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 44ef052d7308a075abcbce39516fe3f7ff2fdd65e1e0ab6be37f9693eaec2e90
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: ab304f6ce34b7ab3c26bcdf0c949d94b4b022b7b0241fe5e7dbf1394e2a26f93
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 44ef052d7308a075abcbce39516fe3f7ff2fdd65e1e0ab6be37f9693eaec2e90
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D25169B5A00659EFCB14CF69C884AAAB7F9FF89310F158559E909EB350E730E911CF90
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 000F8BAE
                                                                                                                                                                                                                                                                                                                                                      • GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 000F8BDA
                                                                                                                                                                                                                                                                                                                                                      • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 000F8C32
                                                                                                                                                                                                                                                                                                                                                      • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 000F8C57
                                                                                                                                                                                                                                                                                                                                                      • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 000F8C5F
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: PrivateProfile$SectionWrite$String
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2832842796-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 1abab3bfa46eccfaf317a27ec05390ec4befbea7d1e9d12afad3ea6de2d6e33c
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: d632f4dbce69e7ce59735875a611b3d160262171e02cc316e1161019b4b91aaf
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1abab3bfa46eccfaf317a27ec05390ec4befbea7d1e9d12afad3ea6de2d6e33c
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4F514835A006199FCB04EF64C880AADBBF5FF48314F08C058E949AB362DB31ED41DBA0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • LoadLibraryW.KERNEL32(?,00000000,?), ref: 00108F40
                                                                                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,?), ref: 00108FD0
                                                                                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 00108FEC
                                                                                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,?), ref: 00109032
                                                                                                                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000), ref: 00109052
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0009F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,000F1043,?,753CE610), ref: 0009F6E6
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0009F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,000DFA64,00000000,00000000,?,?,000F1043,?,753CE610,?,000DFA64), ref: 0009F70D
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 666041331-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: eda7f06593295de496fb8d18932481ff70708266fe534b0c65ff37879d39a4d9
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 99c0c009c99316d8e7da4b812e665f046a00d3b9803de93739a42bd988903c34
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: eda7f06593295de496fb8d18932481ff70708266fe534b0c65ff37879d39a4d9
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D0515E34604205DFC715EF68C4948EDBBF1FF49314B4980A8E8859B7A2DB71ED85CB90
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(00000002,000000F0,?), ref: 00116C33
                                                                                                                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000EC,?), ref: 00116C4A
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00116C73
                                                                                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,000FAB79,00000000,00000000), ref: 00116C98
                                                                                                                                                                                                                                                                                                                                                      • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00116CC7
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$Long$MessageSendShow
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3688381893-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _free
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 269201875-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetCursorPos.USER32(?), ref: 00099141
                                                                                                                                                                                                                                                                                                                                                      • ScreenToClient.USER32(00000000,?), ref: 0009915E
                                                                                                                                                                                                                                                                                                                                                      • GetAsyncKeyState.USER32(00000001), ref: 00099183
                                                                                                                                                                                                                                                                                                                                                      • GetAsyncKeyState.USER32(00000002), ref: 0009919D
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: AsyncState$ClientCursorScreen
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4210589936-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetInputState.USER32 ref: 000F38CB
                                                                                                                                                                                                                                                                                                                                                      • TranslateAcceleratorW.USER32(?,00000000,?), ref: 000F3922
                                                                                                                                                                                                                                                                                                                                                      • TranslateMessage.USER32(?), ref: 000F394B
                                                                                                                                                                                                                                                                                                                                                      • DispatchMessageW.USER32(?), ref: 000F3955
                                                                                                                                                                                                                                                                                                                                                      • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 000F3966
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2256411358-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,000FC21E,00000000), ref: 000FCF38
                                                                                                                                                                                                                                                                                                                                                      • InternetReadFile.WININET(?,00000000,?,?), ref: 000FCF6F
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000000,?,?,?,000FC21E,00000000), ref: 000FCFB4
                                                                                                                                                                                                                                                                                                                                                      • SetEvent.KERNEL32(?,?,00000000,?,?,?,000FC21E,00000000), ref: 000FCFC8
                                                                                                                                                                                                                                                                                                                                                      • SetEvent.KERNEL32(?,?,00000000,?,?,?,000FC21E,00000000), ref: 000FCFF2
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3191363074-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 9ff79963f459981c8809427b525f80cbed586093724c22569c6a508a4a5c2a04
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 2e2a8aa4304f629e213886422e7c9693db36d5b97d20448becee974d1502e366
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9ff79963f459981c8809427b525f80cbed586093724c22569c6a508a4a5c2a04
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3E315E7150420DAFEB24DFA5CA85DBEBBF9EB14310B10443EE606D2941D730AD44EBA0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 000E1915
                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(00000001,00000201,00000001), ref: 000E19C1
                                                                                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000000,?,?,?), ref: 000E19C9
                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(00000001,00000202,00000000), ref: 000E19DA
                                                                                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000000,?,?,?,?), ref: 000E19E2
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessagePostSleep$RectWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3382505437-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: dee3087cd350e0c54d2e94969da746e354f266e87c45f706b14d686b50e3e1c1
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 055e4708c8211d084564b99e8a80463ad7c5473d985dd0a20daefde689f51b45
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: dee3087cd350e0c54d2e94969da746e354f266e87c45f706b14d686b50e3e1c1
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BD31D171A00259EFCB14CFA9CD99AEE3BB5EB44315F108229F921EB2D2C7709D44CB90
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001053,000000FF,?), ref: 00115745
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001074,?,00000001), ref: 0011579D
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 001157AF
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 001157BA
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001002,00000000,?), ref: 00115816
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend$_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 763830540-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: bc64c8a648fa1e59d280c2185f204e9093ad82686c55047cbf06555065335411
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 2ef4ef0332a817e17c2ebb6055779c300d1d2016e0d50c5a92ffe25ab8d5bc91
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bc64c8a648fa1e59d280c2185f204e9093ad82686c55047cbf06555065335411
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7521B931904618DADB249FA0CC85AEE7779FF84324F108126F919DB1C0E77089C5CF50
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • IsWindow.USER32(00000000), ref: 00100951
                                                                                                                                                                                                                                                                                                                                                      • GetForegroundWindow.USER32 ref: 00100968
                                                                                                                                                                                                                                                                                                                                                      • GetDC.USER32(00000000), ref: 001009A4
                                                                                                                                                                                                                                                                                                                                                      • GetPixel.GDI32(00000000,?,00000003), ref: 001009B0
                                                                                                                                                                                                                                                                                                                                                      • ReleaseDC.USER32(00000000,00000003), ref: 001009E8
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
• Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$ForegroundPixelRelease
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4156661090-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: b21405aac3242def45244a13f06757a0cbdd9f83daf1941fe36148a324fcea55
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 927c6350445a5fd2a3020c18a812f60e6c773c8f69f25570b7eb4683ae5f8a82
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b21405aac3242def45244a13f06757a0cbdd9f83daf1941fe36148a324fcea55
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 63218E75600214AFD704EF65DD84AEEBBF9FF48704F048068E98A977A2CB70AC44DB90
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetEnvironmentStringsW.KERNEL32 ref: 000BCDC6
                                                                                                                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 000BCDE9
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000B3820: RtlAllocateHeap.NTDLL(00000000,?,00151444,?,0009FDF5,?,?,0008A976,00000010,00151440,000813FC,?,000813C6,?,00081129), ref: 000B3852
                                                                                                                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 000BCE0F
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000BCE22
                                                                                                                                                                                                                                                                                                                                                      • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 000BCE31
Memory Dump Source
• Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 336800556-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: ef7b45964df2553fef104b3a15f3187c9c248b7c9612758f884b034082886efc
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: e60ee3ffe4055353589510c2cfdc9d0d501a9af8d5ba20f5b44a0067a946c8f9
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ef7b45964df2553fef104b3a15f3187c9c248b7c9612758f884b034082886efc
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 58018F72602255BF33211ABA6C88DFF6AADEFC6BA13154129F915DB201EA61CD0181F1
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00099693
                                                                                                                                                                                                                                                                                                                                                      • SelectObject.GDI32(?,00000000), ref: 000996A2
                                                                                                                                                                                                                                                                                                                                                      • BeginPath.GDI32(?), ref: 000996B9
                                                                                                                                                                                                                                                                                                                                                      • SelectObject.GDI32(?,00000000), ref: 000996E2
Memory Dump Source
• Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ObjectSelect$BeginCreatePath
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3225163088-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 3ba77dd9e023f490a17c67ac9eb971a5bebe669c8aac1cb7cf02561fcab9929f
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 0562ef6fe6d490b9af8aef29fa28b18e4dbdc0ab4f01eae0caad56bcf8d72c1c
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3ba77dd9e023f490a17c67ac9eb971a5bebe669c8aac1cb7cf02561fcab9929f
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7A218E70802305FBDF129F68ED087ED3BA9BB1136AF10421AF451AA5B0D37099D1DB94
                                                                                                                                                                                                                                                                                                                                                      APIs
Memory Dump Source
• Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _memcmp
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2931989736-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: d48191d8bffa3d0dee18b2bced64754ff16fbe6bb09ae9a5f81289cb530bc64e
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 41652e8387b56b2633c53c3ac5fbe62d6683071cd0ef8dd8e33b347f140a220e
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d48191d8bffa3d0dee18b2bced64754ff16fbe6bb09ae9a5f81289cb530bc64e
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DC01F972249A05FFD61C9512AD42FFB739C9B61399F000434FD04BA241F760EE6192E0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,000AF2DE,000B3863,00151444,?,0009FDF5,?,?,0008A976,00000010,00151440,000813FC,?,000813C6), ref: 000B2DFD
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000B2E32
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000B2E59
                                                                                                                                                                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000,00081129), ref: 000B2E66
                                                                                                                                                                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000,00081129), ref: 000B2E6F
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ErrorLast$_free
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3170660625-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,000DFF41,80070057,?,?,?,000E035E), ref: 000E002B
                                                                                                                                                                                                                                                                                                                                                      • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,000DFF41,80070057,?,?), ref: 000E0046
                                                                                                                                                                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,000DFF41,80070057,?,?), ref: 000E0054
                                                                                                                                                                                                                                                                                                                                                      • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,000DFF41,80070057,?), ref: 000E0064
                                                                                                                                                                                                                                                                                                                                                      • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,000DFF41,80070057,?,?), ref: 000E0070
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3897988419-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • QueryPerformanceCounter.KERNEL32(?), ref: 000EE997
                                                                                                                                                                                                                                                                                                                                                      • QueryPerformanceFrequency.KERNEL32(?), ref: 000EE9A5
                                                                                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000000), ref: 000EE9AD
                                                                                                                                                                                                                                                                                                                                                      • QueryPerformanceCounter.KERNEL32(?), ref: 000EE9B7
                                                                                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32 ref: 000EE9F3
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2833360925-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 000E1114
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000000,00000000,?,?,000E0B9B,?,?,?), ref: 000E1120
                                                                                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,000E0B9B,?,?,?), ref: 000E112F
                                                                                                                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,000E0B9B,?,?,?), ref: 000E1136
                                                                                                                                                                                                                                                                                                                                                      • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 000E114D
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 842720411-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: b4997dcab59167e14cbe47102a27864d502d29e6c35adf7c42dad3b8732711d7
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: b0875850730bc6b544ae182de32d0d372bf04ad43d564d7c88864cb24834ab98
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b4997dcab59167e14cbe47102a27864d502d29e6c35adf7c42dad3b8732711d7
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0B018179140305BFDB154F65DD49EAA3FAEFF85360B104454FA41D3350DB71DC408AA0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 000E0FCA
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 000E0FD6
                                                                                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 000E0FE5
                                                                                                                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 000E0FEC
                                                                                                                                                                                                                                                                                                                                                      • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 000E1002
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 44706859-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 9c7333c7a820001e6d0c1c20a0963bad20b9c5311350b9b0c471d3f6699d0e8a
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 8fbafcfdab20902b4e0d81a31a1879381378cd4484623f232a7571bb0056cfd1
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9c7333c7a820001e6d0c1c20a0963bad20b9c5311350b9b0c471d3f6699d0e8a
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A3F04F39180351FFD7254FA59D49F963BAEEF89761F118414F945D6291CA70DC808AA0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 000E102A
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 000E1036
                                                                                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 000E1045
                                                                                                                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 000E104C
                                                                                                                                                                                                                                                                                                                                                      • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 000E1062
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 44706859-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 401a9eb259b5a1a40c098612ade117264715256b8748e40db1a48860ceedce5f
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: f8f3b8ec19274ed80c20f7dba527538d161be336456ab02156c26ed00333c2e1
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 401a9eb259b5a1a40c098612ade117264715256b8748e40db1a48860ceedce5f
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DFF0CD39280301FFDB211FA5ED48F963BAEFF89761F214424FA05D7650CA70D8908AA0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,000F017D,?,000F32FC,?,00000001,000C2592,?), ref: 000F0324
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,000F017D,?,000F32FC,?,00000001,000C2592,?), ref: 000F0331
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,000F017D,?,000F32FC,?,00000001,000C2592,?), ref: 000F033E
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,000F017D,?,000F32FC,?,00000001,000C2592,?), ref: 000F034B
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,000F017D,?,000F32FC,?,00000001,000C2592,?), ref: 000F0358
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,000F017D,?,000F32FC,?,00000001,000C2592,?), ref: 000F0365
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CloseHandle
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2962429428-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 8002c101947bf044a47db2b6149c7155a6a7ebf8dced6a8d61caeddcbdd81289
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 5569c31c45e179ed237c11f247a4f6bae0fb0d06f13e2cffd81c6886e363cbf3
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8002c101947bf044a47db2b6149c7155a6a7ebf8dced6a8d61caeddcbdd81289
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3C01A272800B199FC7309F66DC80822F7F9BF503153158A3FD29652932C371AA54DF80
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000BD752
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000B29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,000BD7D1,00000000,00000000,00000000,00000000,?,000BD7F8,00000000,00000007,00000000,?,000BDBF5,00000000), ref: 000B29DE
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000B29C8: GetLastError.KERNEL32(00000000,?,000BD7D1,00000000,00000000,00000000,00000000,?,000BD7F8,00000000,00000007,00000000,?,000BDBF5,00000000,00000000), ref: 000B29F0
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000BD764
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000BD776
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000BD788
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000BD79A
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 8bdd7b420d336f68144cf202ba0b3f405f3af0df65b0d73bfe5f7191c783ae5d
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: fd75f30f5ba5ab791c9df8dfc12285a96321490edb15dfb5ce5ab222be03000d
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8bdd7b420d336f68144cf202ba0b3f405f3af0df65b0d73bfe5f7191c783ae5d
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BBF01236589205BB86A5EB64F9C5CDAB7DDFB457107940C06F148D7912EB30FC8086A4
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,000003E9), ref: 000E5C58
                                                                                                                                                                                                                                                                                                                                                      • GetWindowTextW.USER32(00000000,?,00000100), ref: 000E5C6F
                                                                                                                                                                                                                                                                                                                                                      • MessageBeep.USER32(00000000), ref: 000E5C87
                                                                                                                                                                                                                                                                                                                                                      • KillTimer.USER32(?,0000040A), ref: 000E5CA3
                                                                                                                                                                                                                                                                                                                                                      • EndDialog.USER32(?,00000001), ref: 000E5CBD
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3741023627-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: ce041d3ed6e27754334a438d5ee2d58db31a77a1eb851729d331dafbd67da894
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 311fcda2bbf78b3249268fcfda033f84666f51786258c0f6cf1b84beb841b380
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ce041d3ed6e27754334a438d5ee2d58db31a77a1eb851729d331dafbd67da894
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5E016D30540B44AFEB285B11DE5EFE677B8BB44B0AF004959A683B15E1DBF0A984CA90
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000B22BE
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000B29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,000BD7D1,00000000,00000000,00000000,00000000,?,000BD7F8,00000000,00000007,00000000,?,000BDBF5,00000000), ref: 000B29DE
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000B29C8: GetLastError.KERNEL32(00000000,?,000BD7D1,00000000,00000000,00000000,00000000,?,000BD7F8,00000000,00000007,00000000,?,000BDBF5,00000000,00000000), ref: 000B29F0
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000B22D0
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000B22E3
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000B22F4
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000B2305
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 1e41fffb888dc17836e08a53d3a749fbf40917f6f93cefdfe0eca03247698f1f
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 9fe4c31148f1015bac9ec3eacd2ac1d35d0d97a0f034176443acf498d8d1ed30
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1e41fffb888dc17836e08a53d3a749fbf40917f6f93cefdfe0eca03247698f1f
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A5F0F475801311FF8693AF94BC019DC3BA5F719B62B150A07F418DAA72C73109D19FE5
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • EndPath.GDI32(?), ref: 000995D4
                                                                                                                                                                                                                                                                                                                                                      • StrokeAndFillPath.GDI32(?,?,000D71F7,00000000,?,?,?), ref: 000995F0
                                                                                                                                                                                                                                                                                                                                                      • SelectObject.GDI32(?,00000000), ref: 00099603
                                                                                                                                                                                                                                                                                                                                                      • DeleteObject.GDI32 ref: 00099616
                                                                                                                                                                                                                                                                                                                                                      • StrokePath.GDI32(?), ref: 00099631
Memory Dump Source
• Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2625713937-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: __freea$_free
                                                                                                                                                                                                                                                                                                                                                      • String ID: a/p$am/pm
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3432400110-3206640213
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,00000002,00000000,?,?,?,00000000,?,?,?,?), ref: 000B8B6E
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,00000000,00001000,?), ref: 000B8B7A
                                                                                                                                                                                                                                                                                                                                                      • __dosmaperr.LIBCMT ref: 000B8B81
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ByteCharErrorLastMultiWide__dosmaperr
                                                                                                                                                                                                                                                                                                                                                      • String ID: .
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2434981716-1232320464
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000EB403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,000E21D0,?,?,00000034,00000800,?,00000034), ref: 000EB42D
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 000E2760
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000EB3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,000E21FF,?,?,00000800,?,00001073,00000000,?,?), ref: 000EB3F8
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000EB32A: GetWindowThreadProcessId.USER32(?,?), ref: 000EB355
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000EB32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,000E2194,00000034,?,?,00001004,00000000,00000000), ref: 000EB365
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000EB32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,000E2194,00000034,?,?,00001004,00000000,00000000), ref: 000EB37B
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 000E27CD
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 000E281A
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                                                                                                                                                                                                                                                                      • String ID: @
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4150878124-2766056989
APIs
• GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\LbgqLv7gT7.exe,00000104), ref: 000B1769
• _free.LIBCMT ref: 000B1834
• _free.LIBCMT ref: 000B183E
Strings
Memory Dump Source
• Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
Similarity
• API ID: _free$FileModuleName
• String ID: C:\Users\user\Desktop\LbgqLv7gT7.exe
• API String ID: 2506810119-3992851197
APIs
• GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 000EC306
• DeleteMenu.USER32(?,00000007,00000000), ref: 000EC34C
• DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00151990,00BD56C0), ref: 000EC395
Strings
Memory Dump Source
• Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
Similarity
• API ID: Menu$Delete$InfoItem
• String ID: 0
• API String ID: 135850232-4108050209
APIs
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,0011CC08,00000000,?,?,?,?), ref: 001144AA
• GetWindowLongW.USER32 ref: 001144C7
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 001144D7
Strings
Memory Dump Source
• Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
Similarity
• API ID: Window$Long
• String ID: SysTreeView32
• API String ID: 847901565-1698111956
APIs
  • Part of subcall function 0010335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00103077,?,?), ref: 00103378
• inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0010307A
• _wcslen.LIBCMT ref: 0010309B
• htons.WSOCK32(00000000,?,?,00000000), ref: 00103106
Strings
Memory Dump Source
• Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                                                                                                                                                                                                                                                                                                                                      • String ID: 255.255.255.255
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 946324512-2422070025
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: a765e76c65108593f9b172da38d542971061313e017882e5d260b499899ce66d
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 484fb45be502af8dbb6c22af52ab32e12e5e9804927ca21702e321f800448882
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a765e76c65108593f9b172da38d542971061313e017882e5d260b499899ce66d
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 84310439200205DFCB14DF28C585EAA77E8EF54318F258059E8A58B7D2CBB2EE41C760
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00113F40
                                                                                                                                                                                                                                                                                                                                                      • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00113F54
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001002,00000000,?), ref: 00113F78
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend$Window
                                                                                                                                                                                                                                                                                                                                                      • String ID: SysMonthCal32
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2326795674-1439706946
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 9fa56edbaf7d40428a1bb48547212d35747220320ace9e30121bfc3ed87067d8
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 799155d369b787fc23bbfefabbe0cab93f912baf53d84d7b2ae6841bced4a648
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9fa56edbaf7d40428a1bb48547212d35747220320ace9e30121bfc3ed87067d8
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4E219C32600219BFDF299F50DC46FEA3B79EB48724F110224FA157B1D0D7B1A995CBA0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00114705
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00114713
                                                                                                                                                                                                                                                                                                                                                      • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0011471A
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend$DestroyWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID: msctls_updown32
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4014797782-2298589950
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 9ee066daf2ca7c739c9b604429467d97074752ce0b92902b8c15b2f8abe8bcb5
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: a830935f89526871ce0138fd7b4586594bfaa86f3f10d40e6d557b3440634274
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9ee066daf2ca7c739c9b604429467d97074752ce0b92902b8c15b2f8abe8bcb5
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 642160B5600208AFEB15DF64DCC1DE737ADEB5A798B140059FA009B391CB71EC91CB60
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 176396367-2734436370
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00113840
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00113850
                                                                                                                                                                                                                                                                                                                                                      • MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00113876
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend$MoveWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID: Listbox
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3315199576-2633736733
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000001), ref: 000F4A08
                                                                                                                                                                                                                                                                                                                                                      • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 000F4A5C
                                                                                                                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000000,?,?,0011CC08), ref: 000F4AD0
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ErrorMode$InformationVolume
                                                                                                                                                                                                                                                                                                                                                      • String ID: %lu
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2507767853-685833217
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 0011424F
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00114264
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00114271
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend
                                                                                                                                                                                                                                                                                                                                                      • String ID: msctls_trackbar32
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3850602802-1010561917
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00086B57: _wcslen.LIBCMT ref: 00086B6A
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000E2DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 000E2DC5
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000E2DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 000E2DD6
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000E2DA7: GetCurrentThreadId.KERNEL32 ref: 000E2DDD
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000E2DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 000E2DE4
                                                                                                                                                                                                                                                                                                                                                      • GetFocus.USER32 ref: 000E2F78
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000E2DEE: GetParent.USER32(00000000), ref: 000E2DF9
                                                                                                                                                                                                                                                                                                                                                      • GetClassNameW.USER32(?,?,00000100), ref: 000E2FC3
                                                                                                                                                                                                                                                                                                                                                      • EnumChildWindows.USER32(?,000E303B), ref: 000E2FEB
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: %s%d
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1272988791-1110647743
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 001158C1
                                                                                                                                                                                                                                                                                                                                                      • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 001158EE
                                                                                                                                                                                                                                                                                                                                                      • DrawMenuBar.USER32(?), ref: 001158FD
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Menu$InfoItem$Draw
                                                                                                                                                                                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3227129158-4108050209
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Variant$ClearInitInitializeUninitialize
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1998397398-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,0011FC08,?), ref: 000E05F0
                                                                                                                                                                                                                                                                                                                                                      • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,0011FC08,?), ref: 000E0608
                                                                                                                                                                                                                                                                                                                                                      • CLSIDFromProgID.OLE32(?,?,00000000,0011CC40,000000FF,?,00000000,00000800,00000000,?,0011FC08,?), ref: 000E062D
                                                                                                                                                                                                                                                                                                                                                      • _memcmp.LIBVCRUNTIME ref: 000E064E
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: FromProg$FreeTask_memcmp
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • CreateToolhelp32Snapshot.KERNEL32 ref: 0010A6AC
                                                                                                                                                                                                                                                                                                                                                      • Process32FirstW.KERNEL32(00000000,?), ref: 0010A6BA
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00089CB3: _wcslen.LIBCMT ref: 00089CBD
                                                                                                                                                                                                                                                                                                                                                      • Process32NextW.KERNEL32(00000000,?), ref: 0010A79C
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 0010A7AB
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0009CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,000C3303,?), ref: 0009CE8A
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _free
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 001162E2
                                                                                                                                                                                                                                                                                                                                                      • ScreenToClient.USER32(?,?), ref: 00116315
                                                                                                                                                                                                                                                                                                                                                      • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00116382
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$ClientMoveRectScreen
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3880355969-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 5ad0320d8759720fa204df5d7a66872319fec8b96a5fba01d167029f8147e4e2
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 26dd88f289facc83915bcf71b7997a7d800387e597102b7b576adf7cda393fc0
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5ad0320d8759720fa204df5d7a66872319fec8b96a5fba01d167029f8147e4e2
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 30513A74A00209EFCB19DF68D980AEE7BB5FB55364F108169F8699B290D731ED81CB90
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • socket.WSOCK32(00000002,00000002,00000011), ref: 00101AFD
                                                                                                                                                                                                                                                                                                                                                      • WSAGetLastError.WSOCK32 ref: 00101B0B
                                                                                                                                                                                                                                                                                                                                                      • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00101B8A
                                                                                                                                                                                                                                                                                                                                                      • WSAGetLastError.WSOCK32 ref: 00101B94
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ErrorLast$socket
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1881357543-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 060bbaf68ea8933d6b06dd8348d68046ab4d514c42abf11be5d10bda0862811b
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 449aef950e4f409ac780a691b0e9987cd49da284b45e3a29641b3ae19962892d
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 060bbaf68ea8933d6b06dd8348d68046ab4d514c42abf11be5d10bda0862811b
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C441D074600200AFE720AF24C886FA977E5AB44718F54C498FA9A9F7D3D7B6DD418B90
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 5f48c4e14175a3975d05a94eaadc40ad5f437594441e5ed4280305a720973fb9
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 4a660db280874cf80562f29ffb9957235d32a598463117ec74ee16a2ff42b141
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5f48c4e14175a3975d05a94eaadc40ad5f437594441e5ed4280305a720973fb9
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5A41E271A40704AFD724AF78CC41BEEBBE9EB89710F10462EF146DB282D7B199018780
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 000F5783
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000000), ref: 000F57A9
                                                                                                                                                                                                                                                                                                                                                      • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 000F57CE
                                                                                                                                                                                                                                                                                                                                                      • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 000F57FA
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3321077145-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 9d130c5080be82fa898452b60571b0d91768c7fea8708624a6ac411c96339799
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 3f5b6a3533805ff0501a4cedb20fcbb0e34660f4bb1ca5a63e1c747406f378e3
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9d130c5080be82fa898452b60571b0d91768c7fea8708624a6ac411c96339799
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3B413C39200A10DFCB10EF15C544A9DBBE1BF89320B18C488E95A6B766CB70FD41DB91
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000000,?,000A6D71,00000000,00000000,000A82D9,?,000A82D9,?,00000001,000A6D71,?,00000001,000A82D9,000A82D9), ref: 000BD910
                                                                                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 000BD999
                                                                                                                                                                                                                                                                                                                                                      • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 000BD9AB
                                                                                                                                                                                                                                                                                                                                                      • __freea.LIBCMT ref: 000BD9B4
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000B3820: RtlAllocateHeap.NTDLL(00000000,?,00151444,?,0009FDF5,?,?,0008A976,00000010,00151440,000813FC,?,000813C6,?,00081129), ref: 000B3852
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2652629310-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: d1dc9b048d2d867d426f9bf790853e1df37c4d122e59b1e3722b64d1800f3487
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 7df9f0fdb0ec68c462dfcb96b2fd6458af851fda004e944efeb6dc4138e87eff
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d1dc9b048d2d867d426f9bf790853e1df37c4d122e59b1e3722b64d1800f3487
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E031BE72A1020AABDF299F64DC41EEFBBA5EB41310F15416AFC04D7251EB35CD50CB90
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001024,00000000,?), ref: 00115352
                                                                                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00115375
                                                                                                                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00115382
                                                                                                                                                                                                                                                                                                                                                      • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 001153A8
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: LongWindow$InvalidateMessageRectSend
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3340791633-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 4a402e12a81f8b8317b91344fc4b90f8914a17a57a6d8e53ba6825967a8fefe9
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 7467c810c3c6c29e12ae28c90c3a906e9104b5d73676b75834947421b22fa1b9
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4a402e12a81f8b8317b91344fc4b90f8914a17a57a6d8e53ba6825967a8fefe9
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4C31B234A75A08EFEB3C9A14CC05BE83767BB84390F584122FA20972E1C7B099C0EB41
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetKeyboardState.USER32(?,75C0C0D0,?,00008000), ref: 000EABF1
                                                                                                                                                                                                                                                                                                                                                      • SetKeyboardState.USER32(00000080,?,00008000), ref: 000EAC0D
                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(00000000,00000101,00000000), ref: 000EAC74
                                                                                                                                                                                                                                                                                                                                                      • SendInput.USER32(00000001,?,0000001C,75C0C0D0,?,00008000), ref: 000EACC6
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 432972143-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: d5d2766b22a9ba6691f0428d19f5ab3f19395788da682f165d97789aab0636ac
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 421d779f74c1965499e6386b0f00ce3e2880adc1105dc1df669b235980d3f54b
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d5d2766b22a9ba6691f0428d19f5ab3f19395788da682f165d97789aab0636ac
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5D310830B407986FEF35CB668C047FE7BE5AB8E310F28421AE495722D1C375A9858793
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • ClientToScreen.USER32(?,?), ref: 0011769A
                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 00117710
                                                                                                                                                                                                                                                                                                                                                      • PtInRect.USER32(?,?,00118B89), ref: 00117720
                                                                                                                                                                                                                                                                                                                                                      • MessageBeep.USER32(00000000), ref: 0011778C
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1352109105-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 3e8dffde6532751992ce93648f6b1c2c876a5d6353f4d481617791a24e99bcd5
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: a3139dd6ef7d77366983e4942caf4042f85abed0c90644905ca6499f0061e61a
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3e8dffde6532751992ce93648f6b1c2c876a5d6353f4d481617791a24e99bcd5
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1C417A34A09254EFDB0ACF58C898EE9B7F5BB49314F1581B8E8149B3E1C730A9C1CB90
APIs
• GetForegroundWindow.USER32 ref: 001116EB
  • Part of subcall function 000E3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 000E3A57
  • Part of subcall function 000E3A3D: GetCurrentThreadId.KERNEL32 ref: 000E3A5E
  • Part of subcall function 000E3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,000E25B3), ref: 000E3A65
• GetCaretPos.USER32(?), ref: 001116FF
• ClientToScreen.USER32(00000000,?), ref: 0011174C
• GetForegroundWindow.USER32 ref: 00111752
Memory Dump Source
• Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
Similarity
• API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
• String ID:
• API String ID: 2759813231-0
APIs
  • Part of subcall function 00099BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00099BB2
• GetCursorPos.USER32(?), ref: 00119001
• TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,000D7711,?,?,?,?,?), ref: 00119016
• GetCursorPos.USER32(?), ref: 0011905E
• DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,000D7711,?,?,?), ref: 00119094
Memory Dump Source
• Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
Similarity
• API ID: Cursor$LongMenuPopupProcTrackWindow
• String ID:
• API String ID: 2864067406-0
APIs
• GetFileAttributesW.KERNEL32(?,0011CB68), ref: 000ED2FB
• GetLastError.KERNEL32 ref: 000ED30A
• CreateDirectoryW.KERNEL32(?,00000000), ref: 000ED319
• CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,0011CB68), ref: 000ED376
Memory Dump Source
• Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
Similarity
• API ID: CreateDirectory$AttributesErrorFileLast
• String ID:
• API String ID: 2267087916-0
APIs
  • Part of subcall function 000E1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 000E102A
  • Part of subcall function 000E1014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 000E1036
  • Part of subcall function 000E1014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 000E1045
  • Part of subcall function 000E1014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 000E104C
  • Part of subcall function 000E1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 000E1062
• LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 000E15BE
• _memcmp.LIBVCRUNTIME ref: 000E15E1
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 000E1617
• HeapFree.KERNEL32(00000000), ref: 000E161E
Memory Dump Source
• Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1592001646-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 99f65bf707261d3d9ca6364230b9fa5771c1ccabd8f65dd93512fd2addeecbfd
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 95d2dd936baafca48772a5f94fcfd66e01f171769b1b1f3e741693d9dc518d44
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 99f65bf707261d3d9ca6364230b9fa5771c1ccabd8f65dd93512fd2addeecbfd
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DC216632E41208EFDF04DFA6C949BEEB7F8EF44354F088459E445AB241E770AA45CBA0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000EC), ref: 0011280A
                                                                                                                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00112824
                                                                                                                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00112832
                                                                                                                                                                                                                                                                                                                                                      • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00112840
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$Long$AttributesLayered
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2169480361-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 9e75010353a870b801ea572767d5bf2427550a1bd4b3b6c3f6be2b6b4fb57169
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 37987e8a1b6753f739d6a158ba166b93dbb6e2402a46ad566715e65c9060a7c7
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9e75010353a870b801ea572767d5bf2427550a1bd4b3b6c3f6be2b6b4fb57169
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4221B331304511AFD7189B24D845FEA7B95AF56324F148168F4268B6E2C771FCD2C7D0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000E8D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,000E790A,?,000000FF,?,000E8754,00000000,?,0000001C,?,?), ref: 000E8D8C
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000E8D7D: lstrcpyW.KERNEL32(00000000,?,?,000E790A,?,000000FF,?,000E8754,00000000,?,0000001C,?,?,00000000), ref: 000E8DB2
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000E8D7D: lstrcmpiW.KERNEL32(00000000,?,000E790A,?,000000FF,?,000E8754,00000000,?,0000001C,?,?), ref: 000E8DE3
                                                                                                                                                                                                                                                                                                                                                      • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,000E8754,00000000,?,0000001C,?,?,00000000), ref: 000E7923
                                                                                                                                                                                                                                                                                                                                                      • lstrcpyW.KERNEL32(00000000,?,?,000E8754,00000000,?,0000001C,?,?,00000000), ref: 000E7949
                                                                                                                                                                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(00000002,cdecl,?,000E8754,00000000,?,0000001C,?,?,00000000), ref: 000E7984
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: lstrcmpilstrcpylstrlen
                                                                                                                                                                                                                                                                                                                                                      • String ID: cdecl
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4031866154-3896280584
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 67bfa19c3df3229e397b360a41fb33adb4716e65e6750e2c0c8265bdd4415fd3
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 6d564511b25123ed7c8fe603c3befc8972eaa0d73193d68d2cc5f6ee8a5c7da4
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 67bfa19c3df3229e397b360a41fb33adb4716e65e6750e2c0c8265bdd4415fd3
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B211E93A204382AFCB155F35DC45EBA77E5FF85350B50802AF94AC7265EF319811D791
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00117D0B
                                                                                                                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(00000000,000000F0,?), ref: 00117D2A
                                                                                                                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00117D42
                                                                                                                                                                                                                                                                                                                                                      • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,000FB7AD,00000000), ref: 00117D6B
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00099BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00099BB2
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$Long
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 847901565-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 686af664d4f8b4e1bd2add7e97348337fc3429cfe9f8c6db716e20dc692c9cce
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: f0954282971474c8fdbf8a8a0c15803451bb0f0fbf6699fd53aff95532023cc1
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 686af664d4f8b4e1bd2add7e97348337fc3429cfe9f8c6db716e20dc692c9cce
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8811CD31204A69AFCF188F68DC04AE63BA5AF45364B118738F839CB2F0D7308990CB80
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001060,?,00000004), ref: 001156BB
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 001156CD
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 001156D8
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001002,00000000,?), ref: 00115816
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 455545452-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 346c73491e5dd214cb4a86d2a9dd5acf0cd7cb4d974a1e5eba7bcbbac00b65a1
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 1db0cb0933873d90315899c5002d34de2ed8d31341481e42817df987625abdc0
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 346c73491e5dd214cb4a86d2a9dd5acf0cd7cb4d974a1e5eba7bcbbac00b65a1
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3A11B175A00608EADB289FA5CC85AEE77BCAF95764B104036F915D6181F7708AC4CBA0
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 2a1d27f26dde0c2898ddd91c529f78cc3089212743f02299f85c5d28187ea847
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: e391b57b72718d98283d3a5b5795a5a49c68c624303b900f6e4660aeac9957a3
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2a1d27f26dde0c2898ddd91c529f78cc3089212743f02299f85c5d28187ea847
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0501D1B220961A7EF66126B86CD0FEB669DDF417B8F700725F521A11D2DB70CC404170
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000B0,?,?), ref: 000E1A47
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000C9,?,00000000), ref: 000E1A59
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000C9,?,00000000), ref: 000E1A6F
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000C9,?,00000000), ref: 000E1A8A
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: d094aded5151751a87a9150afa01fcfcbbe451990902dd55f377f9f68e57bb88
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 08f7ca6bf1ee8b4c18bceabfa290c798c3834a5faba77dc8444af1d85002bbda
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d094aded5151751a87a9150afa01fcfcbbe451990902dd55f377f9f68e57bb88
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CB113C3AD01219FFEB10DBA5CD85FEDBB78EB04750F2400A1E600B7290D6716E50DB94
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 000EE1FD
                                                                                                                                                                                                                                                                                                                                                      • MessageBoxW.USER32(?,?,?,?), ref: 000EE230
                                                                                                                                                                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 000EE246
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 000EE24D
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2880819207-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • CreateThread.KERNEL32(00000000,?,000ACFF9,00000000,00000004,00000000), ref: 000AD218
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 000AD224
                                                                                                                                                                                                                                                                                                                                                      • __dosmaperr.LIBCMT ref: 000AD22B
                                                                                                                                                                                                                                                                                                                                                      • ResumeThread.KERNEL32(00000000), ref: 000AD249
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Thread$CreateErrorLastResume__dosmaperr
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 173952441-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00099BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00099BB2
                                                                                                                                                                                                                                                                                                                                                      • GetClientRect.USER32(?,?), ref: 00119F31
                                                                                                                                                                                                                                                                                                                                                      • GetCursorPos.USER32(?), ref: 00119F3B
                                                                                                                                                                                                                                                                                                                                                      • ScreenToClient.USER32(?,?), ref: 00119F46
                                                                                                                                                                                                                                                                                                                                                      • DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 00119F7A
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Client$CursorLongProcRectScreenWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4127811313-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0008604C
                                                                                                                                                                                                                                                                                                                                                      • GetStockObject.GDI32(00000011), ref: 00086060
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000030,00000000), ref: 0008606A
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CreateMessageObjectSendStockWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3970641297-0
APIs
• ___BuildCatchObject.LIBVCRUNTIME ref: 000A3B56
  • Part of subcall function 000A3AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 000A3AD2
  • Part of subcall function 000A3AA3: ___AdjustPointer.LIBCMT ref: 000A3AED
• _UnwindNestedFrames.LIBCMT ref: 000A3B6B
• __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 000A3B7C
• CallCatchBlock.LIBVCRUNTIME ref: 000A3BA4
Memory Dump Source
• Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
Similarity
• API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
• String ID:
• API String ID: 737400349-0
APIs
• LoadLibraryExW.KERNEL32(00000000,00000000,00000800,000813C6,00000000,00000000,?,000B301A,000813C6,00000000,00000000,00000000,?,000B328B,00000006,FlsSetValue), ref: 000B30A5
• GetLastError.KERNEL32(?,000B301A,000813C6,00000000,00000000,00000000,?,000B328B,00000006,FlsSetValue,00122290,FlsSetValue,00000000,00000364,?,000B2E46), ref: 000B30B1
• LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,000B301A,000813C6,00000000,00000000,00000000,?,000B328B,00000006,FlsSetValue,00122290,FlsSetValue,00000000), ref: 000B30BF
Memory Dump Source
• Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
Similarity
• API ID: LibraryLoad$ErrorLast
• String ID:
• API String ID: 3177248105-0
APIs
• GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 000E747F
• LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 000E7497
• RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 000E74AC
• RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 000E74CA
Memory Dump Source
• Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
Similarity
• API ID: Type$Register$FileLoadModuleNameUser
• String ID:
• API String ID: 1352324309-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,000EACD3,?,00008000), ref: 000EB0C4
                                                                                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,000EACD3,?,00008000), ref: 000EB0E9
                                                                                                                                                                                                                                                                                                                                                      • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,000EACD3,?,00008000), ref: 000EB0F3
                                                                                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,000EACD3,?,00008000), ref: 000EB126
Memory Dump Source
• Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CounterPerformanceQuerySleep
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2875609808-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: adc259fe05289f288596e8ef5066c992a03a900958d148d6113fa9dcfd429968
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 87f04155bcfc5eaac0ab27c60241ada5a5753445cc43d2f2d8e83c76285dd449
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: adc259fe05289f288596e8ef5066c992a03a900958d148d6113fa9dcfd429968
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BC116D31C4166CEBCF14AFE6E9987EFBB78FF09721F508086D941B2191CB3096909B91
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 00117E33
                                                                                                                                                                                                                                                                                                                                                      • ScreenToClient.USER32(?,?), ref: 00117E4B
                                                                                                                                                                                                                                                                                                                                                      • ScreenToClient.USER32(?,?), ref: 00117E6F
                                                                                                                                                                                                                                                                                                                                                      • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00117E8A
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ClientRectScreen$InvalidateWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 357397906-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 3a674c703776e379ef36d44ec40ab7bfa9e8a9a36f80c73a8f4454e58020249e
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 1cd14e0b13e3e0668faa72be48631acfff0401e89c76999054b4fdf426c202b9
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3a674c703776e379ef36d44ec40ab7bfa9e8a9a36f80c73a8f4454e58020249e
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 231163B9D0024AAFDB41CF98C9849EEBBF5FB08310F108066E911E2650D734AA94CF90
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 000E2DC5
                                                                                                                                                                                                                                                                                                                                                      • GetWindowThreadProcessId.USER32(?,00000000), ref: 000E2DD6
                                                                                                                                                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 000E2DDD
                                                                                                                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 000E2DE4
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2710830443-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 0fc2983e340f94c2ccb0194f31f36f7de3aff458068f5335f28c2b2f0191e8c5
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 1cd38f8dad22ce2b6643de3f435a0fedf3e6f24516916cd75067912afcb2de76
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0fc2983e340f94c2ccb0194f31f36f7de3aff458068f5335f28c2b2f0191e8c5
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1BE09271585624BBD7241B739D0DFEB3E6CEF42BA1F004115F205E1580DAA0C880C6F0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00099639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00099693
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00099639: SelectObject.GDI32(?,00000000), ref: 000996A2
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00099639: BeginPath.GDI32(?), ref: 000996B9
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00099639: SelectObject.GDI32(?,00000000), ref: 000996E2
                                                                                                                                                                                                                                                                                                                                                      • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00118887
                                                                                                                                                                                                                                                                                                                                                      • LineTo.GDI32(?,?,?), ref: 00118894
                                                                                                                                                                                                                                                                                                                                                      • EndPath.GDI32(?), ref: 001188A4
                                                                                                                                                                                                                                                                                                                                                      • StrokePath.GDI32(?), ref: 001188B2
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1539411459-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetSysColor.USER32(00000008), ref: 000998CC
                                                                                                                                                                                                                                                                                                                                                      • SetTextColor.GDI32(?,?), ref: 000998D6
                                                                                                                                                                                                                                                                                                                                                      • SetBkMode.GDI32(?,00000001), ref: 000998E9
                                                                                                                                                                                                                                                                                                                                                      • GetStockObject.GDI32(00000005), ref: 000998F1
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Color$ModeObjectStockText
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4037423528-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetCurrentThread.KERNEL32 ref: 000E1634
                                                                                                                                                                                                                                                                                                                                                      • OpenThreadToken.ADVAPI32(00000000,?,?,?,000E11D9), ref: 000E163B
                                                                                                                                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,000E11D9), ref: 000E1648
                                                                                                                                                                                                                                                                                                                                                      • OpenProcessToken.ADVAPI32(00000000,?,?,?,000E11D9), ref: 000E164F
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CurrentOpenProcessThreadToken
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3974789173-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 000DD858
                                                                                                                                                                                                                                                                                                                                                      • GetDC.USER32(00000000), ref: 000DD862
                                                                                                                                                                                                                                                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000000C), ref: 000DD882
                                                                                                                                                                                                                                                                                                                                                      • ReleaseDC.USER32(?), ref: 000DD8A3
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2889604237-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 000DD86C
                                                                                                                                                                                                                                                                                                                                                      • GetDC.USER32(00000000), ref: 000DD876
                                                                                                                                                                                                                                                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000000C), ref: 000DD882
                                                                                                                                                                                                                                                                                                                                                      • ReleaseDC.USER32(?), ref: 000DD8A3
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2889604237-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00087620: _wcslen.LIBCMT ref: 00087625
                                                                                                                                                                                                                                                                                                                                                      • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 000F4ED4
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Connection_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: *$LPT
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1725874428-3443410124
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • __startOneArgErrorHandling.LIBCMT ref: 000AE30D
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ErrorHandling__start
                                                                                                                                                                                                                                                                                                                                                      • String ID: pow
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3213639722-2276729525
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                      • String ID: #
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 0-1885708031
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000000), ref: 0009F2A2
                                                                                                                                                                                                                                                                                                                                                      • GlobalMemoryStatusEx.KERNEL32(?), ref: 0009F2BB
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: GlobalMemorySleepStatus
                                                                                                                                                                                                                                                                                                                                                      • String ID: @
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2783356886-2766056989
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 001057E0
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 001057EC
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: BuffCharUpper_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: CALLARGARRAY
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 157775604-1150593374
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 000FD130
                                                                                                                                                                                                                                                                                                                                                      • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 000FD13A
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CrackInternet_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: |
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 596671847-2343686810
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • DestroyWindow.USER32(?,?,?,?), ref: 00113621
                                                                                                                                                                                                                                                                                                                                                      • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 0011365C
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$DestroyMove
                                                                                                                                                                                                                                                                                                                                                      • String ID: static
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2139405536-2160076837
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 0011461F
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00114634
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend
                                                                                                                                                                                                                                                                                                                                                      • String ID: '
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0011327C
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00113287
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend
                                                                                                                                                                                                                                                                                                                                                      • String ID: Combobox
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0008600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0008604C
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0008600E: GetStockObject.GDI32(00000011), ref: 00086060
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0008600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0008606A
                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(00000000,?), ref: 0011377A
                                                                                                                                                                                                                                                                                                                                                      • GetSysColor.USER32(00000012), ref: 00113794
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                                                                                                                                                                                                                                                                                      • String ID: static
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 000FCD7D
                                                                                                                                                                                                                                                                                                                                                      • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 000FCDA6
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Internet$OpenOption
                                                                                                                                                                                                                                                                                                                                                      • String ID: <local>
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 942729171-4266983199
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetWindowTextLengthW.USER32(00000000), ref: 001134AB
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 001134BA
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: LengthMessageSendTextWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID: edit
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2978978980-2167791130
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00089CB3: _wcslen.LIBCMT ref: 00089CBD
                                                                                                                                                                                                                                                                                                                                                      • CharUpperBuffW.USER32(?,?,?), ref: 000E6CB6
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 000E6CC2
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                      • String ID: STOP
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1256254125-2411985666
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00089CB3: _wcslen.LIBCMT ref: 00089CBD
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000E3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 000E3CCA
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 000E1D4C
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00089CB3: _wcslen.LIBCMT ref: 00089CBD
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000E3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 000E3CCA
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000180,00000000,?), ref: 000E1C46
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 1e89b9eb0785fc1cdb9d1fd8d06ac1056783da0dff6913c19a8bd5a4edb14d8e
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 11e79ef6ebe1817d906c42bf65c5c38e7bbf971a204dd795d9d7205ee7b6b91f
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1e89b9eb0785fc1cdb9d1fd8d06ac1056783da0dff6913c19a8bd5a4edb14d8e
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3801A7757811486FCB14FB91CA569FF77E9AB11340F240029B456B7283EA319E08C7B1
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00089CB3: _wcslen.LIBCMT ref: 00089CBD
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000E3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 000E3CCA
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000182,?,00000000), ref: 000E1CC8
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: c61f0fab739fdd1b297f5fb7fd07a6bf5515be8fb272b07037284316be7cd481
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: dfda6a0a1b8e108d17012e4deb5e45d7b6f55133d51cb28d7541663d62f7e186
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c61f0fab739fdd1b297f5fb7fd07a6bf5515be8fb272b07037284316be7cd481
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1301D6B16811586FCB14FBA1CA06AFE77E8AB11340F640025B842B3283EA319F08C7B1
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00089CB3: _wcslen.LIBCMT ref: 00089CBD
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000E3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 000E3CCA
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 000E1DD3
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 30f652442788b3ded3df86afa74b8bc8ee91b543b92f440042ce912c8b108cee
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 77208f193d3f38ed89f6cdac61c469aa92f4b173dc75ee377395747195999469
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 30f652442788b3ded3df86afa74b8bc8ee91b543b92f440042ce912c8b108cee
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 43F0A471A452196BDB14F7A5CD56AFE77A8BB01350F580915B862732C3EA71990883A0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: 3, 3, 16, 1
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 176396367-3042988571
APIs
• MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 000E0B23
Strings
Memory Dump Source
• Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
• Associated: 00000000.00000002.1753978632.0000000000080000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.000000000011C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754087499.0000000000142000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754147918.000000000014C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1754185428.0000000000154000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_80000_LbgqLv7gT7.jbxd
Similarity
• API ID: Message
• String ID: AutoIt$Error allocating memory.
• API String ID: 2030045667-4017498283
APIs
  • Part of subcall function 0009F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,000A0D71,?,?,?,0008100A), ref: 0009F7CE
• IsDebuggerPresent.KERNEL32(?,?,?,0008100A), ref: 000A0D75
• OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0008100A), ref: 000A0D84
Strings
• ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 000A0D7F
Similarity
• API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
• String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
• API String ID: 55579361-631824599
APIs
• GetTempPathW.KERNEL32(00000104,?,00000001), ref: 000F302F
• GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 000F3044
Strings
Similarity
• API ID: Temp$FileNamePath
• String ID: aut
• API String ID: 3285503233-3010740371
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0011232C
• PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 0011233F
  • Part of subcall function 000EE97B: Sleep.KERNEL32 ref: 000EE9F3
Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 529655941-2988720461
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0011236C
                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(00000000), ref: 00112373
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 000EE97B: Sleep.KERNEL32 ref: 000EE9F3
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 529655941-2988720461
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 000BBE93
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 000BBEA1
                                                                                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 000BBEFC
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1754001961.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1717984340-0